Configure On-Demand Tokencode Delivery

If you plan to use on-demand tokencodes as an authentication method, you must use the Security Console to configure the deployment to send on-demand tokencodes. RSA Authentication Manager can deliver on-demand tokencodes in two ways:

  • To mobile phones by text message. You can configure an SMS provider or modem to integrate with Authentication Managerto deliver on-demand tokencodes to a user’s mobile phone. Use the parameters required by the SMS provider or modem vendor.

  • To e-mail accounts. You must configure a connection to a Simple Mail transfer Protocol (SMTP) server.

For each user, you can select a preferred delivery method or use both methods.

Before you begin

  • If you plan to configure tokencode delivery by text message, ensure that Authentication Manager has access to the identity source attributes where you store mobile phone numbers. Authentication Manager automatically maps to the mobile attributes in the internal database and an LDAP directory.

  • (Optional) Using the Security Console, you can map to custom attributes in the internal database and an LDAP directory. See Identity Attribute Definitions for On-Demand Tokencode Delivery by Text Message.

  • If you plan to configure tokencode delivery to a user’s e-mail address, confirm that your e-mail is managed by an SMTP server.

  • Make sure that all users’ destination mobile phone numbers meet the following requirements:

    • The mobile phone numbers must include country codes. If they are not already stored with country codes, select a country code when you configure on-demand tokencode delivery to mobile phones.

    • End the mobile phone number with a number.

    • The mobile phone number may begin with the plus (+) character.

    • Use the following characters or a blank space for separators: . - ( ).

    • Do not use alphabetic characters or any other characters not mentioned in this list.

    The following are examples of valid destination mobile phone numbers:

    +1 123 123 1234

    +44 1234-123-123-1

    123 123 1234

    123.123.1234

    (123) 123-1234

Procedure

  1. In the Security Console, click Setup > System Settings.

  2. Click On-Demand Tokencode Delivery.

  3. On the SMS Configuration tab, specify the user attributes that will be used to provide the tokencode destination information and manage plug-in configurations.

  4. If you have enabled this feature, you can select the Add Delivery by E-mail checkbox to deliver tokencodes by both SMS and e-mail.

    E-mail delivery requires a configured e-mail (SMTP) server and a user e-mail address if the user selects Mobile Number (SMS) as the preferred option for on-demand authentication.

  5. Test the SMS Provider Integration.

  6. If the provider integration test is successful, click Save.

  7. On the E-mail Configuration tab, specify the user attribute that will be used to provide the tokencode destination information.

  8. Click Save.

  9. On the Tokencode Settings tab, specify the on-demand tokencode message text that users receive and the message lifetime.

  10. Click Save.

Related Tasks

Configure On-Demand Tokencode Settings

Configure the HTTP Plug-In for On-Demand Tokencode Delivery

Configure E-mail for On-Demand Tokencode Delivery