You can use the auth_manager.admin.eatokencode_expire_days global configuration value to set the maximum number of days that new Emergency Access Tokencodes can remain active. When a user or administrator activates a new Emergency Access Tokencode, they will not be allowed to set the expiration date later than the maximum lifetime you specify.
Run the following command and then restart Authentication Manager services:
./rsautil store -a add_config auth_manager.admin.eatokencode_expire_days days_value GLOBAL 501
where days_value is the maximum number of days that new Emergency Access Tokencodes can remain active.