Enable On-Demand Authentication for a User

On-demand authentication (ODA) delivers a one-time tokencode to a user’s mobile phone, e-mail account, or both. On-demand tokencodes expire after a specified time period, enhancing their security. ODA protects network resources that users access through SSL-VPNs, web portals, or browser-based thin clients.

Enable ODA for users so they can receive on-demand tokencodes.

Before you begin

Configure On-Demand Tokencode Delivery.


  1. In the Security Console, click Authentication > On-Demand Authentication > Enable Users.

  2. Use the search fields to find the user for whom you want to enable ODA. Some fields are case sensitive.

  3. Enable users for ODA.

    To enable one user, do the following:

    1. From the search results, click the user that you want to enable for ODA.

    2. From the context menu, click Enable for ODA.

    To enable multiple users, do the following:

    1. From the list of available users, select the checkboxes next to the ones that you want to enable for ODA.

    2. Click Enable for ODA.

  4. Use the Send On-Demand Tokencodes to options to select a delivery method for on-demand tokencodes if applicable. Specify an e-mail address or phone number if necessary.

    Note: If you elect to send an on-demand tokencode to a user's e-mail address, make sure that the user does not need the on-demand tokencode to access the e-mail account.

  5. Use the Expiration Date options to specify the length of time the user can request on-demand tokencodes. You can specify an exact date or no expiration date.

  6. Use the Associated PIN options to specify how the user's initial PIN is created. Create an initial PIN if necessary.

  7. Click Save.