This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

RSA® Authentication Manager Documentation

Browse the official RSA Authentication Manager documentation for helpful tutorials, step-by-step instructions, and other valuable resources.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Versions
Collections
All Downloads

Table of Contents

Product Resources

Assign a Set of One-Time Tokencode for Online Emergency Access

You can provide temporary access for a user whose token has been permanently lost or destroyed by assigning a set of one-time tokencodes.

You can provide online emergency access for a user whose RSA SecurID Token or RSA SecurID Authenticate app is temporarily unavailable by assigning a set of one-time tokencodes. Each one-time tokencode can be used once in place of the user's missing token. The set of tokencodes allows a user to authenticate multiple times without contacting an administrator each time.

RSA SecurID users must enter the one-time tokencode with the RSA SecurID PIN to perform two-factor authentication. Authenticate app users enter the one-time tokencode without a PIN. (A PIN might be required to view the tokencode on the mobile device, but this is not the RSA SecurID PIN.)

The user must be able to access the RSA Authentication Manager network when using a one-time tokencode.

Note:  One-time tokencodes can only be used to access resources protected by Authentication Manager. They cannot be used to access resources protected by the Cloud Authentication Service.

Before you begin 

Users must have already been an assigned a valid (not expired) RSA SecurID token before you send them sets of one-time tokencodes. This requirement also applies to users who will use a one-time tokencode in place of the Authenticate app.

Procedure 

  1. In the Security Console, click Authentication > SecurID Tokens > Manage Existing.

  2. Use the search fields to find the appropriate token.

  3. From the search results, click the token with which you want to work.

  4. From the context menu, click Emergency Access Tokencodes.

  5. On the Manage Emergency Access Tokencodes page, select the Online Emergency Access checkbox to enable authentication with an online emergency access tokencode.

  6. Select Set of One-Time Tokencodes.

  7. Enter the number of tokencodes that you want to generate.

  8. Click Generate Codes. The set of tokencodes displays below the Generate Codes button.

  9. Record the set of one-time tokencodes so you can communicate them to the user.

  10. Select one of the following options for the Emergency Access Tokencode Lifetime:

    • No expiration.

    • Set an expiration date for the tokencode.

  11. In the If Token Becomes Available field, configure how Authentication Manager handles lost or unavailable tokens that become available.

    • Deny authentication with the recovered token.

      If a token is permanently lost or stolen, deny authentication with the recovered token so that it cannot be used for authentication if recovered by an unauthorized individual. This is essential if the lost token does not require a PIN.

    • Allow authentication with the recovered token while simultaneously disabling the emergency access tokencode.

    • Allow authentication with the recovered token only after the emergency access tokencode has expired.

  12. Click Save.

 

Related Concepts

RSA SecurID Tokens

 

 

 

You are here
Table of Contents > Emergency Access > Assign a Set of One-Time Tokencodes
Labels (2)
0 Likes
Was this article helpful? Yes No
No ratings
© 2023 RSA Security LLC or its affiliates. All rights reserved.