Define Custom Attributes to Send Transaction-Specific Data During On-Demand Authentication

You can define custom attributes to send users transaction-specific data during on-demand authentication. This feature only supports REST-based authentication to RSA Authentication Manager.

After you define custom attributes for the clients that you developed with the SecurID Authentication API, you can provide these custom attributes in the on-demand tokencode message users receive.

For example, your users could receive a custom message that replaces the following variables with values:

To confirm that you want to <BUY or SELL> <number> shares
of <stock symbol>, please enter the tokencode:

Users would enter a tokencode to confirm the transaction.

Before you begin

Use the SecurID Authentication API to define custom attributes for your REST-based, multifactor authentication clients. Your clients can use the existing SessionAttribute parameter to provide attributes during the Initialize interface.

During authentication, the initialization payload should contain the session attributes name and corresponding value. See the following example:

"authnAttemptTimeout": 180,
"clientId": "rest-007",
"subjectName": "adUsr",
"lang": "us_EN",
"sessionAttributes": [
"dataType": "STRING", "name": "DemoAttribute1", "value": "Demo Attribute1_value" }
{ "dataType": "STRING", "name": "DemoAttribute2", "value": "Demo Attribute2_value" }
"subjectCredentials": [],
{ "messageId": "test" }

For more information, see the SecurID Authentication API Developer's Guide.


  1. In the Security Console, click Setup > System Settings.

  2. Click On-Demand Tokencode Delivery.

  3. On the Tokencode Settings tab, specify the on-demand tokencode message text that users receive and the message lifetime.

    Use the following syntax for your custom attributes:

    $S.<Custom Session Attribute name>

    Note: Do not remove $OTT from the message template. This variable is replaced with the tokencode in the actual message.

  4. Click Save.