This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.

RSA Authentication Manager On-Demand Authentication (ODA) failing with the following error: User provided incorrect On-Demand Service PIN while requesting tokencode.

Article Number

000035369

Applies To

RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
 

Issue

On-Demand Authentication (ODA) failing with the following error shown in the authentication activity report:
 
Date & Time: 2017-07-10 11:16:03.89
Log Level: ERROR
Activity Key: Principal authentication
Description: User <user ID> attempted to authenticate using authenticator “OnDemand”. The user belongs to security domain “<security domain>"
Action Result Key: Failure
Result Key: SMS_METHOD_FAILED_PIN_STAGE
Result: Authentication method failed. User provided incorrect On-Demand Service PIN while requesting tokencode.
User ID: <user ID>
User First Name: <user first name>
User Last Name: <user last name>
User Security Domain: <user security domain>
User Identity Source Name: <user identity source name>
Agent Type: 8
Agent Name: N/A
Agent IP: N/A
Agent Security Domain: N/A
Authentication Method: OnDemand
Policy Expression: (RSA_Password/LDAP_Password)+RBA
Argument 1: AUTHN_LOGIN_EVENT
Argument 2: N/A
Argument 3: N/A
Argument 4: N/A
Argument 5: N/A
Argument 6: N/A
Argument 7: N/A
Argument 8: 80022261191ca8c01c595263cb1d51dd
Argument 9: <user mobile number>
Argument 10: N/A
Instance Name: <instance name>
Client IP: <client IP address>
Server Node IP: <server node IP address>
Additional Information: N/A
Actor GUID: <actor GUID>
Session ID: <session ID>
Agent GUID: N/A

Cause

An incorrect on-demand PIN was entered.

Resolution

  • Have the end user try again with the correct PIN.
  • If the end user does not remember the PIN,
  1. Access the Security Console and choose one of the two options:
    1. From the Quick User Search, bring up the user who is having an issue.
    2. Alternatively, search for the user and click on the drop down arrow next to the result and click SecurID Tokens.
  2. Under On-Demand Authentication (ODA), click Manage.
  3. Next to Associated PIN, check the option to Clear existing PIN and set a temporary PIN for the user.  An example  temporary PIN could be the user's initials and last four digits of their mobile number.
  4. Click Save when done.
  5. Communicate this new PIN to the user.
  6. Have them attempt to authenticate again to verify the fix.
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2020-12-12 11:01 PM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.