Emergency Online Authentication

Document created by RSA Information Design and Development on Jun 13, 2017Last modified by RSA Information Design and Development on Nov 25, 2019
Version 13Show Document
  • View in full screen mode

Users with missing or damaged tokens can continue to have two-factor authentication using an online emergency access tokencode, an 8-character alphanumeric code generated by Authentication Manager.

Note:  Emergency online authentication to RSA authentication agents is supported for Authentication Manager users who lose or misplace the device that has the RSA SecurID Authenticate app. Emergency online authentication is not supported for additional authentication on the Cloud Authentication Service.

The format of the online emergency access tokencode is determined by the token policy of the associated security domain. For example, if the security domain’s token policy allows special characters, the online emergency access tokencode can include special characters.

You cannot assign an online emergency access tokencode to a user with an expired token. If a user has an expired token, assign a new token, and then provide temporary access. For instructions, see Provide an Offline Emergency Passcode.

The following table lists the types of online emergency access tokencodes. Both tokencode types replace the tokencode generated by the user’s token.

                   
Tokencode TypeDescription
Temporary fixed tokencode
  • Can be used more than once.

  • When replacing the RSA SecurID Token, the user must enter this tokencode with his or her RSA SecurID PIN. When replacing the Authenticate app, the user enters only the temporary fixed tokencode.

  • You configure the expiration date or no expiration.

  • Is displayed on the Self-Service Console.

For instructions, see Assign a Temporary Fixed Tokencode.

One-time tokencode
  • Issued in sets.

  • You can determine the number of tokencodes in a set.

  • When replacing the RSA SecurID Token, the user must enter this tokencode with the user’s RSA SecurID PIN. When replacing the Authenticate app, the user only enters the emergency access tokencode.

  • Is displayed on the Self-Service Console.

  • Users can download the set of one-time tokencodes in a file.

  • Each tokencode in the set can only be used once.

For instructions, see Assign a Set of One-Time Tokencodes.

Users can also use the Self-Service Console to request temporary access to Authentication Manager without the assistance of an administrator. For more information, see RSA Self-Service Overview.

 

 

 

 

We want your feedback! Tell us what you think of this page.


Attachments

    Outcomes