On-Demand Tokencode Delivery by Mobile Phone or E-Mail

In addition to receiving tokencodes on hardware and software tokens, users can receive tokencodes on mobile phones, through personal e-mail, or through both methods. You can deliver tokencodes to a mobile phone using Short Message Service (SMS), or an e-mail address using Simple Mail Transfer Protocol (SMTP). Tokencodes delivered using SMS or SMTP are called on-demand tokencodes.

Note: To use SMS delivery, you must establish a relationship with an SMS provider, and integrate SMS with RSA Authentication Manager. For a list of supported SMS providers, go to https://community.rsa.com/community/products/rsa-ready/.

As with the tokencode generated by a hardware or software token, on-demand tokencodes are used with a PIN to achieve two-factor authentication. However, on-demand tokencodes differ from tokencodes generated by hardware or software tokens in the following ways:

  • The user must already be assigned a PIN to use on-demand tokencodes.

    You must either manually assign a PIN through the Security Console, or configure Self-Service to allow the user to request an account so that he or she can set a PIN.

  • The user initiates the request for the on-demand tokencode, either through Self-Service, which you must configure to allow such a request, or through any authentication agent.

    Note: The on-demand tokencode service is not supported with authentication agents enabled with EAP 32.

  • The on-demand tokencode has a lifetime that you configure, after which it expires and can no longer be used to authenticate.

You can use the Security Console to perform the following tasks.

Task

Related Information

Configure SMS plug-ins for on-demand authentication (ODA).

Configure On-Demand Tokencode Delivery

Configure the HTTP Plug-In for On-Demand Tokencode Delivery

Import an HTTPS certificate.

Import a Digital Certificate

Configure e-mail for ODA.

Configure E-mail for On-Demand Tokencode Delivery

Generate a PIN for user's initial ODA.

Set a Temporary On-Demand Tokencode PIN for a User

Enable on-demand authentication for a user.

Enable On-Demand Authentication for a User

Disable on-demand authentication for a user.

Disable On-Demand Authentication for a User

Test the integration with your SMS provider.

Test Your SMS Provider Configuration

Related Concepts

On-Demand Authentication

On-Demand Authentication with an Authentication Agent or a RADIUS Client

Restrictions of On-Demand Tokencodes

Related Tasks

Configure On-Demand Tokencode Settings