Define Custom Attributes to Send Transaction-Specific Data During On-Demand Authentication
You can define custom attributes to send users transaction-specific data during on-demand authentication. This feature only supports REST-based authentication to RSA Authentication Manager.
After you define custom attributes for the clients that you developed with the SecurID Authentication API, you can provide these custom attributes in the on-demand tokencode message users receive.
For example, your users could receive a custom message that replaces the following variables with values:
To confirm that you want to <BUY or SELL> <number> shares
of <stock symbol>, please enter the tokencode:
Users would enter a tokencode to confirm the transaction.
Before you begin
Use the SecurID Authentication API to define custom attributes for your REST-based, multifactor authentication clients. Your clients can use the existing SessionAttribute parameter to provide attributes during the Initialize interface.
During authentication, the initialization payload should contain the session attributes name and corresponding value. See the following example:
{
"authnAttemptTimeout": 180,
"clientId": "rest-007",
"subjectName": "adUsr",
"lang": "us_EN",
"sessionAttributes": [
{
"dataType": "STRING", "name": "DemoAttribute1", "value": "Demo Attribute1_value" }
,
{ "dataType": "STRING", "name": "DemoAttribute2", "value": "Demo Attribute2_value" }
],
"subjectCredentials": [],
"context":
{ "messageId": "test" }
}
For more information, see the SecurID Authentication API Developer's Guide.
Procedure
In the Security Console, click Setup > System Settings.
Click On-Demand Tokencode Delivery.
On the Tokencode Settings tab, specify the on-demand tokencode message text that users receive and the message lifetime.
Use the following syntax for your custom attributes:
$S.<Custom Session Attribute name>
Note: Do not remove $OTT from the message template. This variable is replaced with the tokencode in the actual message.
Click Save.
Related Tasks
Related Articles
Custom State button is not displayed in a Review in RSA Governance & Lifecycle Number of Views RSA Governance & Lifecycle Recipes: Extending Objects in the AVUSER Schema with Custom Attributes Number of Views How to create and manage Entitlement Attributes through the User Interface in RSA Identity Governance & Lifecycle Number of Views "ORA-00020: maximum number of processes (500) exceeded" when attempting to connect to the Oracle Database on IGL Number of Views The review "Include sub-groups" option does not include sub-groups in the review in RSA Identity Governance and Lifecycle Number of Views
Trending Articles
Downloading RSA Authentication Manager license files or RSA Software token seed records RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory Mandatory Certificate Upgrade Required by 6th October 2025 for RSA MFA Agent for PAM, RSA MFA Agent for Apache, and Third … RSA Authentication Manager 8.9 Release Notes (January 2026)
