Managing Authenticators for Self-Service Users

Users can request authenticators and emergency access through the Self-Service Console. You can use the Security Console to manage the types of authenticators available, emergency access tokencodes, and requests to replace expiring tokens.

  • Hardware Token Types Available for Request. You can select which types of tokens are available, the authentication method, and a default type for Self-Service users.

  • Software Token Profiles Available for Request. You can select which software token profiles are available. The software token profile designates the authentication method and the token delivery method. You can allow users to edit token attribute details, and to select a default type for Self-Service users.

  • On-Demand Authentication(ODA)Settings. You can allow users to request the ODA service as a primary authentication type. You need to configure the ODA settings to enable provisioning users to request this service.

  • Token File Password Settings. You can require users to provide a password to protect the software token file.

  • Emergency Access Tokencode Settings. Users whose tokens are temporarily or permanently unavailable may require emergency access. Self-Service users can obtain emergency access themselves rather than calling the Help Desk. You can configure the type of emergency access to make available to users.

  • Expiring Token Parameters. Users can request a replacement token through the Self-Service Console if a token is about to expire. You can configure the number of days before expiration that users can make this request. The default is within 30 days of expiration.

If you want reports about authenticator distribution and use, you can use the RSA Authentication Manager standard reports or you can create custom reports. For more information about reports, see Reports Permitted for Each Administrative Role.