Require a System-Generated PIN
A user’s token policy determines whether his or her SecurID PIN must be system-generated. System-generated PINs are more secure because they are randomly selected by the server. This prevents a user from selecting a PIN that is easy to guess.
To require system-generated PINs, you must edit the token policy.
RSA RADIUS does not allow system-generated PINs by default. If the token policy requires system-generated PINS, you must edit the RADIUS configuration file securid.ini. For instructions on editing RADIUS configuration files, see Edit RADIUS Server Files.
Procedure
In the Security Console, click Authentication > Policies > Token Policies > Manage Existing.
Use the search fields to find the token policy that you want to edit.
From the search results, click the token policy that you want to edit.
From the context menu, click Edit.
Use the PIN Creation Method buttons to select Require system-generated PIN.
Click Save.
Related Articles
Require a User to Change a Password using the User Dashboard Number of Views Require Users to Change Their RSA SecurID PINs Number of Views Require Password Change at Next Logon Number of Views Email and log file timestamps are incorrect in RSA Identity Governance & Lifecycle Number of Views SAP AFX Connector Update an Account capability fails to update any SAP account attributes in RSA Identity Governance & Lif… Number of Views
Trending Articles
Downloading RSA Authentication Manager license files or RSA Software token seed records RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory Mandatory Certificate Upgrade Required by 6th October 2025 for RSA MFA Agent for PAM, RSA MFA Agent for Apache, and Third … RSA Authentication Manager 8.9 Release Notes (January 2026)
