Users need a PIN before attempting to use on-demand authentication (ODA) to access a protected resource. You can either set the initial PIN for the user or you can enable users to set their initial PINs and thus relieve administrators of this task.
In the Security Console, go to the Home page.
Use Quick Search to find the user.
Select the user for whom ODA must be enabled.
Under On-Demand Authentication (ODA), click Manage.
For Enable User, select Enable user for on-demand authentication.
Select Require user to set the PIN through the RSA Self-Service Console.