This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

RSA® Authentication Manager Documentation

Browse the official RSA Authentication Manager documentation for helpful tutorials, step-by-step instructions, and other valuable resources.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Versions
Collections
All Downloads

Table of Contents

Product Resources

Emergency Access for RSA Authentication Manager Users

Online authentication provides emergency access for users with missing or damaged tokens.

You can provide online or offline emergency access to resources protected by RSA Authentication Manager in the following situations.

User Situation Requiring Emergency Access Available Methods

  • The user's RSA SecurID Token or RSA SecurID Authenticate app is unavailable.

  • The user's device can reach the Authentication Manager server over the network.

Temporary fixed tokencode

One-time tokencode

See Tokencodes for Online Emergency Access.

  • The user's RSA SecurID Token or Authenticate app is unavailable.

  • The user forgot his or her RSA SecurID PIN.

  • The user's Windows device cannot reach the Authentication Manager server through the network.

Offline emergency access tokencode

Offline emergency access passcode

See Tokencodes for Offline Emergency Access .

Note:   These emergency access methods cannot be used to access resources protected by the Cloud Authentication ServiceHowever, you can use the online emergency access method to access resources integrated directly with the Cloud Authentication Service. If you are a SecurID Token user, you must select SecurID Token as an authentication method.

​Tokencodes for Online Emergency Access

There are two types of online emergency access tokencodes. Each tokencode is an 8-character alphanumeric code generated by Authentication Manager. The user's device must be able to reach Authentication Manager on the network.

Users must have been assigned a valid, unexpired RSA SecurID Token before they receive an online emergency access tokencode. If a user's token has expired, first assign a new token and then provide temporary access.

Tokencode Type Description
Temporary fixed tokencode

  • Can be used more than once.

  • When the user's RSA SecurID Token is unavailable, the user must enter this tokencode with the RSA SecurID PIN. When the Authenticate app is unavailable, the user enters only the temporary fixed tokencode. A PIN might be required to view the tokencode on the mobile device, but this is not the RSA SecurID PIN.

  • You configure the expiration date or no expiration.

  • Is displayed on the Self-Service Console.

For instructions, see Assign a Temporary Fixed Tokencode.
One-time tokencode

  • Issued in sets.

  • You can determine the number of tokencodes in a set.

  • RSA SecurID users must enter this tokencode with the RSA SecurID PIN to perform two-factor authentication. Authenticate app users enter this tokencode without a PIN. A PIN might be required to view the tokencode on the mobile device, but this is not the RSA SecurID PIN.

  • Is displayed on the Self-Service Console.

  • Users can download the set of one-time tokencodes in a file.

  • Each tokencode in the set can only be used once.

For instructions, see Assign a Set of One-Time Tokencodes.

Users can also use the Self-Service Console to request temporary access to Authentication Manager without the assistance of an administrator. For more information, see RSA Self-Service Overview.

Online Emergency Access Tokencode Format

When online emergency access is used because the user's RSA SecurID token is unavailable, the token policy of the associated security domain determines the format of the online emergency access tokencode. For example, if the security domain’s token policy allows special characters, the online emergency access tokencode can include special characters.

This token policy is not considered when the online emergency access method is used in place of the Authenticate app.

​Tokencodes for Offline Emergency Access

Offline emergency access is intended for when the user cannot access the Authentication Manager server on the network. You must provide the emergency offline authentication codes in advance, when the user has online connectivity. The system generates and downloads an offline passcode or tokencode to the user's Windows device before the user needs it. These codes cannot be sent to a user who is offline.

Note:  These methods cannot be used in place of the Authenticate app.

Tokencode Type Description
Offline emergency access tokencode

  • Used when the user's RSA SecurID token or RSA SecurID Authenticate app is unavailable.

  • RSA SecurID users must enter the offline emergency access tokencode with the RSA SecurID PIN to perform two-factor authentication.

  • Can be used for online or offline authentication.

    For instructions, see Provide an Offline Emergency Access Tokencode
Offline emergency passcode

 

 

 

 

 

You are here

Table of Contents > Emergency Access > Emergency Access for Authentication Manager Users

Labels (2)
0 Likes
Was this article helpful? Yes No
No ratings
© 2023 RSA Security LLC or its affiliates. All rights reserved.