Configure Emergency Access for Provisioning

Before a user can troubleshoot a token and get emergency access tokencodes through the Self-Service Console, you must configure emergency access for provisioning.

The emergency access tokencodes are the following:

  • Temporary Fixed Tokencode (TFT). A temporary tokencode that is combined with the user’s PIN to create a passcode. The user can use this tokencode more than once. You can configure the expiration date and other temporary fixed tokencode attributes.

  • One Time Tokencodes (OTT). A set of tokencodes, each of which can be used only once, and is used with the user’s PIN to create a passcode. You can specify how many tokencodes are in the set.

  • On-Demand Authentication (SMS-based generation). A service that allows users to request on-demand tokencodes delivered by text message or e-mail, instead of tokens. You configure the on-demand tokencode service for requests using the Security Console. Users must be enabled to receive on-demand tokencodes before they can request them.

Procedure

  1. In the Security Console, click Setup > Self-Service Settings.

  2. Click Manage Authenticators.

  3. In the Emergency Access Tokencode Settings section, select Allow user to place token in emergency access mode, and select the following:

    1. To allow users to get emergency access tokencodes, select Token Code (Token-based generation), and specify whether you want users to receive a temporary fixed tokencode, or a set of one-time tokencodes.

    2. To allow users to get emergency on-demand tokencodes, select On-Demand Authentication (SMS-based generation) and enter the number of days for the emergency access SMS token lifetime.

  4. In the Emergency Access Tokencode Settings for Permanently Lost or Broken Tokens section, use the Emergency Access Tokencode Lifetime fields to enter the length of time you want emergency access tokencodes to remain active.

  5. In the Emergency Access Tokencode Settings for Temporarily Unavailable Tokens section, do the following.

    1. Use the Emergency Access Tokencode Lifetime fields to enter the length of time you want emergency access tokencodes to remain active.

    2. Use the If token becomes available buttons to specify how Authentication Manager handles a lost token that is found and used to authenticate.

  6. In the Expiring Token Parameters field, enter the length of time before a token expires that users can request a replacement token.

  7. Click Save.

Related Concepts

Provisioning Overview

Related References

Self-Service Settings