Configure On-Demand Tokencode Settings

You need to configure the following tokencode settings:

  • On-demand tokencode message

    The on-demand tokencode message is the text of the message, containing the on-demand tokencode, that is sent to the user. The maximum length of the text message is 140 bytes, and the number of characters depends on the type of character encoding used by the SMS provider. The full payload of 140 bytes can support 160 7-bit characters, 140 8-bit characters, or 70 16-bit characters. The $OTT and $Lifetime variables are replaced with the actual values, which use some of the available characters.

    Note: Do not remove $OTT from the message template. $OTT is a variable that is replaced with the tokencode.

    You can use the SecurID Authentication API to develop clients that send users transaction-specific data. This feature only supports REST-based authentication to RSA Authentication Manager. See Define Custom Attributes to Send Transaction-Specific Data During On-Demand Authentication.

  • On-demand tokencode lifetime

    The on-demand tokencode lifetime is the number of minutes for which the tokencode is valid. When setting the tokencode lifetime, consider the following:

    • Minimizing tokencode lifetime to increase security

    • Service-level agreements, and their potential limitations, with your SMS provider

    • User behaviors, such as users requesting an on-demand tokencode prior to boarding a plane or walking into an area with no mobile phone service

    The default tokencode lifetime is 60 minutes. You can set the tokencode lifetime between 1 and 70 minutes.

    After a user enters a PIN and receives an on-demand tokencode, the user has up to two minutes to complete authentication. If the user cancels the logon session and tries to authenticate later, the PIN can be used with the tokencode for the on-demand tokencode lifetime.


  1. In the Security Console, click Setup > System Settings.

  2. Under Authentication Settings, click On-Demand Tokencode Delivery.

  3. Click the Tokencode Settings tab.

  4. In the On-Demand Tokencode Message text box, enter the message that you want users to see when they receive their on-demand tokencodes.

    Note: Do not remove $OTT from the message template. $OTT is a variable that is replaced with the tokencode.

  5. (Optional) In the On-Demand Tokencode Lifetime field, change the default setting to an integer from 1 to 70.

  6. Click Save.
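The following added example (not RSA code) checks a message template against the 140-byte limits described above before you enter it in step 4. It assumes an 8-digit tokencode, the GSM 03.38 alphabet for 7-bit encoding and ISO-8859-1 for 8-bit encoding; the function names are hypothetical, so confirm the actual encoding with your SMS provider.

```python
# GSM 03.38 default alphabet; extension characters cost two septets each.
GSM_BASIC = set(
    "@£$¥èéùìòÇ\nØø\rÅåΔ_ΦΓΛΩΠΨΣΘΞÆæßÉ !\"#¤%&'()*+,-./0123456789:;<=>?"
    "¡ABCDEFGHIJKLMNOPQRSTUVWXYZÄÖÑÜ§¿abcdefghijklmnopqrstuvwxyzäöñüà"
)
GSM_EXT = set("^{}\\[~]|€")
# Character budgets for one 140-byte payload, as stated on this page.
LIMITS = {"7-bit": 160, "8-bit": 140, "16-bit": 70}


def expand(template, tokencode, lifetime):
    """Substitute $OTT and $Lifetime into the message template."""
    if "$OTT" not in template:
        raise ValueError("template must keep the $OTT variable")
    if not 1 <= lifetime <= 70:
        raise ValueError("lifetime must be an integer from 1 to 70")
    return template.replace("$OTT", tokencode).replace("$Lifetime", str(lifetime))


def units_used(text, encoding):
    """Count the characters (septets, octets or 16-bit units) the text needs."""
    if encoding == "7-bit":
        bad = sorted({c for c in text if c not in GSM_BASIC and c not in GSM_EXT})
        if bad:
            raise ValueError(f"not in the GSM 7-bit alphabet: {bad}")
        return sum(2 if c in GSM_EXT else 1 for c in text)
    if encoding == "8-bit":  # assumed to be ISO-8859-1
        return len(text.encode("latin-1"))
    if encoding == "16-bit":  # UCS-2/UTF-16 code units
        return len(text.encode("utf-16-be")) // 2
    raise ValueError(f"unknown encoding: {encoding}")


def check_template(template, encoding, lifetime=60, tokencode_len=8):
    """Expand with a placeholder tokencode of assumed length and test the fit."""
    text = expand(template, "9" * tokencode_len, lifetime)
    used = units_used(text, encoding)
    return {"text": text, "used": used, "allowed": LIMITS[encoding],
            "fits": used <= LIMITS[encoding]}


if __name__ == "__main__":
    # Constructed sample template, not a product default.
    sample = "Your tokencode is $OTT. It expires in $Lifetime minutes."
    for enc in LIMITS:
        print(enc, check_template(sample, enc))
```

A template that fits in 7-bit encoding can exceed the limit once a single character outside the GSM alphabet forces 16-bit encoding, so re-run the check after any wording change.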