Emergency Access for Cloud Authentication Service Users

Document created by RSA Information Design and Development on Aug 18, 2017Last modified by RSA Information Design and Development on Nov 15, 2019
Version 27Show Document
  • View in full screen mode

You can provide emergency access for users who cannot use their preferred authentication methods. Users may be unable to use a preferred method for a variety of reasons, for example, the user may have lost an RSA SecurID token or FIDO token, or the user cannot locate the mobile phone where the RSA SecurID Authenticate app is registered, or the mobile phone cannot be charged. In such cases, several methods are available for emergency access.

                           
Emergency Access MethodDescription
SMS TokencodeRSA SecurID Access can send an SMS Tokencode to the user's phone in a text message. For emergency access, make sure the Cloud Authentication Service has a phone number for the user that is different from the one registered to use the Authenticate app. For more information, see Supported Authentication Methods - SMS Tokencode.
Voice TokencodeRSA SecurID Access can call the user's phone to provide a six-digit tokencode when the user attempts to access an application. For emergency access, make sure the Cloud Authentication Service has a phone number for the user that is different from the one registered to use the Authenticate app. A mobile phone is not required for Voice Tokencode. For more information, see Supported Authentication Methods - Voice Tokencode.
Emergency Tokencode

If a user forgets or misplaces a registered device, you can provide the user with an Emergency Tokencode. The next time the user attempts to access the protected resource, the user can select Emergency Tokencode from the list of authentication options. The tokencode is valid for the configured number of days (1-7). For more information see Supported Authentication Methods - Emergency Tokencode.

Offline emergency access tokencode from RSA Authentication Manager

Offline emergency access is available to users who use the RSA SecurID Authenticate app to access resources protected by Authentication Manager under the following conditions:

  • You configured integration between your RSA Authentication Manager 8.2 SP1 (or later) server and the Cloud Authentication Service.

  • The network connection between Authentication Manager and the Cloud Authentication Service has been disrupted and the Cloud Authentication Service cannot validate the Authenticate Tokencode.

  • The user can still access the network that communicates with Authentication Manager.

Under these circumstances, users can call your Help Desk to get an offline emergency access tokencode that is generated using the Security Console. This tokencode is valid for a specific time limit (for example, 24 hours), which can to get users through the day until they can retrieve their phone or token. For more information, see Provide an Offline Emergency Access Tokencode.

Note:  This tokencode cannot be used to access resources protected by the Cloud Authentication Service.

 

 

We want your feedback! Tell us what you think of this page.

You are here
Table of Contents > Authentication Methods and Emergency Access > Emergency Access for Cloud Authentication Service Users

Attachments

    Outcomes