You can provide emergency access for users who cannot use their preferred authentication methods. Users may be unable to use a preferred method for a variety of reasons, for example, the user may have lost an RSA SecurID token or FIDO token, or the user cannot locate the mobile phone where the RSA SecurID Authenticate app is registered, or the mobile phone cannot be charged. In such cases, several methods are available for emergency access.
|Emergency Access Method||Description|
|SMS Tokencode||RSA SecurID Access can send an SMS Tokencode to the user's phone in a text message. For emergency access, make sure the Cloud Authentication Service has a phone number for the user that is different from the one registered to use the Authenticate app.|
|Voice Tokencode||RSA SecurID Access can call the user's phone to provide a six-digit tokencode when the user attempts to access an application. For emergency access, make sure the Cloud Authentication Service has a phone number for the user that is different from the one registered to use the Authenticate app. A mobile phone is not required for Voice Tokencode.|
|Offline emergency access tokencode (for Authentication Manager users)|| |
If you configured integration between your RSA Authentication Manager 8.2 SP1 (or later) server and the Cloud Authentication Service, users who use RSA SecurID Authenticate app to access agent-protected resources can call your Help Desk to get an offline emergency access tokencode. This tokencode is valid for a specific time limit (for example, 24 hours), which can to get users through the day until they can retrieve their phone or token. For more information, see Provide an Offline Emergency Access Tokencode.
|Modify the access policy||Edit an access policy to allow a specific user to access the application with password only. In the policy, specify an attribute that identifies the user, such as employeeID. Make sure you revisit the policy the next day to restore its normal settings after the emergency access period.|