In addition to receiving tokencodes on hardware and software tokens, users can receive tokencodes on mobile phones or through personal e-mail. You can deliver tokencodes to a mobile phone using Short Message Service (SMS), or an e-mail address using Simple Mail Transfer Protocol (SMTP). Tokencodes delivered using SMS or SMTP are called on-demand tokencodes.
Note: To use SMS delivery, you must establish a relationship with an SMS provider, and integrate SMS with RSA Authentication Manager. For a list of supported SMS providers, go to https://community.rsa.com/community/products/rsa-ready/.
As with the tokencode generated by a hardware or software token, on-demand tokencodes are used with a PIN to achieve two-factor authentication. However, on-demand tokencodes differ from tokencodes generated by hardware or software tokens in the following ways:
The user must already be assigned a PIN to use on-demand tokencodes.
You must either manually assign a PIN through the Security Console, or configure Self-Service to allow the user to request an account so that he or she can set a PIN.
The user initiates the request for the on-demand tokencode, either through Self-Service, which you must configure to allow such a request, or through any authentication agent.
Note: The on-demand tokencode service is not supported with authentication agents enabled with EAP 32.
The on-demand tokencode has a lifetime that you configure, after which it expires and can no longer be used to authenticate.
You can use the Security Console to perform the following tasks.
Configure SMS plug-ins for on-demand authentication (ODA).
Import an HTTPS certificate.
Configure e-mail for ODA.
Generate a PIN for user's initial ODA.
Enable on-demand authentication for a user.
Disable on-demand authentication for a user.
Test the integration with your SMS provider.
We want your feedback! Tell us what you think of this page.