Emergency Access for Cloud Authentication Service Users

Document created by RSA Information Design and Development on Aug 18, 2017Last modified by RSA Information Design and Development on Sep 15, 2017
Version 2Show Document
  • View in full screen mode

You can provide emergency access for users who cannot use their preferred authentication methods. Users may be unable to use a preferred method for a variety of reasons, for example, the user may have lost an RSA SecurID token or FIDO token, or the user cannot locate the mobile phone where the RSA SecurID Authenticate app is registered, or the mobile phone cannot be charged. In such cases, several methods are available for emergency access.

Emergency Access MethodDescription
SMS TokencodeRSA SecurID Access can send an SMS Tokencode to the user's phone in a text message. For emergency access, make sure the Cloud Authentication Service has a phone number for the user that is different from the one registered to use the Authenticate app.
Offline emergency access tokencode

If you configured integration between your RSA Authentication Manager 8.2 SP1 (or later) server and the Cloud Authentication Service, users who use RSA SecurID Authenticate app can call your Help Desk to get an offline emergency access tokencode. This tokencode is valid for a specific time limit (for example, 24 hours), which can to get users through the day until they can retrieve their phone or token. For more information, see Provide an Offline Emergency Access Tokencode.

Modify the access policyEdit an access policy to allow a specific user to access the application with password only. In the policy, specify an attribute that identifies the user, such as employeeID. Make sure you revisit the policy the next day to restore its normal settings after the emergency access period.



You are here
Table of Contents > Authentication Methods > Emergency Access for Cloud Authentication Service Users