RSA Product Set: SecurID
RSA Product/Service Type: Authentication Agent for AD FS
RSA Version/Condition: 2.0
If the emergency access tokencode has special characters in it, emergency access tokencodes do not work in the RSA Authentication Agent 2.0 for Microsoft AD FS.
The error observed is as follows:
You must enter a passcode
There will be no messages in the real-time authentication activity monitors regarding authentication failure.
A workaround would be to edit the token policy in Authentication Manager to not 'Include special characters' resolves the issue.
To edit the token policy,
- Login to Security Console.
- Navigate to Authentication > Policies > Token Policies > Initial Token Policy (or the relevant token policy).
- Click Edit.
- At the bottom of the page under Emergency Access Code Format, make sure the following are checked:
- Include numeric characters
- Include alphabetic characters
- Uncheck the option for Include special characters.
- Click Save.
- Authentication will work fine with letters, numbers or both.