Article Number
000028924
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue
- There is a link for On-Demand Authentication in the RSA Authentication Manager 7.1 Self-Service Console that says "Get an On-Demand Tokencode" link. It leads to the page: "Send Me an On-Demand tokencode" that goes to https://<FQDN>:7004/console-selfservice/OnDemandOTTLogin.do?action=nvPreEdit.
- RSA Authentication Manager 8.x does not have a Get an On-Demand Tokencode link in the Self-Service Console RSA Authentication Manager 7.1 had.
Cause
The feature was removed from RSA Authentication Manager 8.0 and later.
Resolution
This is functioning as designed in RSA Authentication Manager 8.x in that there is no link to request an On-Demand tokencode in the Self-Service Console.
However, the functionality still exists that the page.
The "Send Me an On-Demand tokencode" page can be accessed by using the direct URL of
https://<FQDN>:7004/console-selfservice/OnDemandOTTLogin.do?action=nvPreEdit.
Workaround
The On-Demand tokencode request is normally available through an authentication agent or RADIUS client in RSA Authentication Manager 8.x.
With an On-Demand tokencode, the following process occurs on either the Authentication Agent or RADIUS client:
- The user accesses a protected resource, and the agent prompts the user for a user ID and passcode.
- The user enters his or her user ID and, at the passcode prompt, an On-Demand Authentication (ODA) PIN, not passcode.
- When a user who is enabled for the On-Demand tokencode service enters an ODA PIN at the passcode prompt, Authentication Manager recognizes that the user is actually making a request for an On-Demand tokencode.
- Authentication Manager sends a tokencode to the user.
- The authentication agent prompts the user to enter the tokencode.
- The user enters the received On-Demand tokencode.
This is covered in more detail on
pages 231-232 of the
RSA Authentication Manager 8.1 Administrator's Guide.
