Provide an Offline Emergency Access Tokencode

A user needs offline emergency access when the user's Windows device cannot contact the AM server through the network and the user's RSA SecurID Token is unavailable, or the user forgot his or her PIN.

You can provide an offline emergency access tokencode to replace the token generated by the user's RSA SecurID Token or RSA Authenticator app. RSA SecurID users must enter the offline emergency access tokencode with a PIN to perform two-factor authentication. Authenticate app users enter the offline emergency access tokencode without a PIN.

You can configure the following:

• Specify that a new offline emergency access tokencode is downloaded the next time the user authenticates online.

• Allow the offline emergency access tokencode to be used for online and offline authentication.

You can provide an offline emergency access tokencode on any primary or replica instance.

Before you begin 

• The user’s security domain must allow offline authentication and permit the user to download offline emergency access tokencodes.

• The user must have authenticated to an agent that supports offline authentication and the agent has downloaded days of offline authentication data.

Procedure 

1. In the Security Console, click Authentication > SecurID Tokens > Manage Existing.

2. Use the search fields to find the token for the user who needs an offline emergency access tokencode.

3. From the search results, click the token.

4. From the context menu, click Emergency Access Tokencodes.

5. On the Manage Emergency Access Tokencodes page, note the Offline Emergency Access Tokencode and its expiration date.

6. Select Reset Offline Emergency Access Tokencode, if you want the user to download a new offline emergency access tokencode the next time he or she authenticates online. If selected, the new tokencode downloads automatically.

7. Click Use offline code for online access, if you want the offline emergency access tokencode used for online authentication.

8. Click Save.