Set an Initial On-Demand Authentication PIN for a User
On-demand authentication (ODA) always requires a PIN to request a tokencode. You can set the initial PIN for the user. The following procedure is for a user who is not yet enabled for ODA.
Procedure
In the Security Console, click Identity > Users > Manage Existing.
Use the search fields to find the user for whom you want to enable ODA and set an initial PIN.
Click the user.
Select SecurID Tokens.
Under On-Demand Authentication, select Enable User.
For Expiration Date, specify No expiration or the date when on-demand authentication expires.
For Send On-Demand Tokencodes to, specify the delivery method.
For Associated PIN, do one of the following:
Select Require user to setup the PIN through RSA Self-Service Console.
Select Set initial PIN to, and enter the initial PIN.
Click Save.
If you have set the initial PIN, securely communicate the initial PIN to the user.
Related Concepts
Related Articles
Set a Temporary On-Demand Tokencode PIN for a User Number of Views RSA Announces RSA Authentication Agent 2.0.1 for Microsoft AD FS Support for Windows Server 2019 Number of Views RSA Card Reset Utility unable to unlock/reset SmartCard PIN Number of Views RSA Identity Governance & Lifecycle aveksaServer.log repeatedly shows "updateServerAgentUptimeDate: Setting new uptime for… Number of Views Reset the token PIN in the RSA Authentication Manager 8.x Self-Service Console when the existing PIN is forgotten Number of Views
Trending Articles
RSA Authentication Manager 8.9 Release Notes (January 2026) RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA-2026-07: RSA Authentication Manager Security Update for Third-Party Component Vulnerabilities Downloading RSA Authentication Manager license files or RSA Software token seed records RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide
