• Users can export a set of One Time Tokencodes from the Self-Service Console for authentication without contacting the administrator. This allows users to authenticate if they have lost or misplaced their token.
• The user must be within the network perimeter to use the emergency tokencodes.

Enable Self-Service Features

1. From the Security Console, navigate to Setup > Self-Service Settings.
2. On the Settings page, under Customization, click Enable or Disable Self-Service Features.
3. Select the following features to Enable and set display options:

• Enable provisioning features
• Display log on section
• Display troubleshoot inks
• Display token is temporarily unavailable or misplaced option

4. Click Save.

Set option to allow user to place token in emergency access mode

1. In the Security Console, navigate to Setup > Self-Service Settings.
2. Click Manage Authenticators.
3. In the Emergency Access Tokencode Settings section, select Allow user to place token in emergency access mode. And select Set of One Time Tokencode and the number of codes to be displayed.

4. In the Emergency Access Tokencode Settings for Temporarily Unavailable Tokens section, use the Emergency Access Tokencode Lifetime field to enter the length of time you want the emergency access tokencodes to remain active. For example, validity can be chosen based on travel duration.

5. Click Save

1. Login to the Self-Service Console.
2. Click on Troubleshoot.

3. Select Token is temporarily unavailable or misplaced option and click OK.

4. Click on Export to File to save the tokencodes in a .txt file. 

• This solution works for RSA SecurID software and hardware tokens.
• You can only use the Emergency Tokencode once.
• If a SecurID PIN is linked to the token, have end users authenticate with their PIN + Emergency Tokencode.
• If a SecurID PIN is not linked to the token, have end users authenticate with just the Emergency Tokencode that is displayed.