000035369 - RSA Authentication Manager On-Demand Authentication (ODA) failing with the following error:  User provided incorrect On-Demand Service PIN while requesting tokencode.

Document created by RSA Customer Support Employee on Jul 20, 2017
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000035369
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
IssueOn-Demand Authentication (ODA) failing with the following error shown in the authentication activity report:
Date & Time: 2017-07-10 11:16:03.89
Log Level: ERROR
Activity Key: Principal authentication
Description: User <user ID> attempted to authenticate using authenticator “OnDemand”. The user belongs to security domain “<security domain>"
Action Result Key: Failure
Result: Authentication method failed. User provided incorrect On-Demand Service PIN while requesting tokencode.
User ID: <user ID>
User First Name: <user first name>
User Last Name: <user last name>
User Security Domain: <user security domain>
User Identity Source Name: <user identity source name>
Agent Type: 8
Agent Name: N/A
Agent IP: N/A
Agent Security Domain: N/A
Authentication Method: OnDemand
Policy Expression: (RSA_Password/LDAP_Password)+RBA
Argument 2: N/A
Argument 3: N/A
Argument 4: N/A
Argument 5: N/A
Argument 6: N/A
Argument 7: N/A
Argument 8: 80022261191ca8c01c595263cb1d51dd
Argument 9: <user mobile number>
Argument 10: N/A
Instance Name: <instance name>
Client IP: <client IP address>
Server Node IP: <server node IP address>
Additional Information: N/A
Actor GUID: <actor GUID>
Session ID: <session ID>
Agent GUID: N/A
CauseAn incorrect on-demand PIN was entered.
  • Have the end user try again with the correct PIN.
  • If the end user does not remember the PIN,
  1. Access the Security Console and choose one of the two options:
    1. From the Quick User Search, bring up the user who is having an issue.
    2. Alternatively, search for the user and click on the drop down arrow next to the result and click SecurID Tokens.
  2. Under On-Demand Authentication (ODA), click Manage.
  3. Next to Associated PIN, check the option to Clear existing PIN and set a temporary PIN for the user.  An example  temporary PIN could be the user's initials and last four digits of their mobile number.
  4. Click Save when done.
  5. Communicate this new PIN to the user.
  6. Have them attempt to authenticate again to verify the fix.