Users need a PIN before attempting to use on-demand authentication (ODA) to access a protected resource. You can either set the initial PIN for the user or you can enable users to set their initial PINs and thus relieve administrators of this task.
In the Security Console, click Identity > Users > Manage Existing.
Use the search fields to find the user for whom you want to enable.
Click the user for whom you want to enable.
Click SecurID Tokens.
Under On-Demand Authentication, if the user is not enabled for ODA, select Enable user for on-demand authentication.
SelectRequire user to set the PIN through the RSA Self-Service Console.