RSA Authentication Manager 7.1 Administrator's Guide - IT Services ...
RSA Authentication Manager 7.1 Administrator's Guide - IT Services ...
RSA Authentication Manager 7.1 Administrator's Guide - IT Services ...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>RSA</strong> <strong>Authentication</strong> <strong>Manager</strong> <strong>7.1</strong> Administrator’s <strong>Guide</strong><br />
In the Online Emergency Access section of the Manage Emergency Access<br />
Tokencodes page, you can configure the following attributes:<br />
• Select the type of Online Emergency Access Tokencode:<br />
– Temporary Fixed Tokencode<br />
– One Time-Tokencode set<br />
• Select the number of tokencodes in the set (One-Time Tokencode sets only).<br />
• Set the Online Emergency Access Tokencode lifetime.<br />
For security reasons, you may want to limit the length of time the Online<br />
Emergency Access Tokencode can be used. Because the Online Emergency<br />
Access Tokencode is a fixed code, it is not as secure as the pseudorandom number<br />
generated by the token.<br />
• Specify what happens if the missing token is recovered (if the user finds the lost<br />
token, for example). You have the following options:<br />
– Deny authentication with token<br />
Use this option if you do not want the token to be used for authentication if<br />
recovered.<br />
Important: If the token is permanently lost or stolen, use this option. This<br />
safeguards the protected resources in the event the token is found by an<br />
unauthorized individual who attempts to authenticate.<br />
– Allow authentication with token at any time and disable online emergency<br />
tokencode<br />
Use this option if the token is temporarily misplaced (the user left the token at<br />
home, for example). When the user recovers the token, he or she can<br />
immediately resume using the token for authentication. The Online<br />
Emergency Access Tokencode is disabled as soon as the recovered token is<br />
used.<br />
– Allow authentication with token only after the emergency code lifetime has<br />
expired and disable online emergency tokencode<br />
You can also use this option for temporarily misplaced tokens, however when<br />
the missing token is recovered, it cannot be used for authentication until the<br />
Online Emergency Access Tokencode expires.<br />
Note: You cannot assign an Online Emergency Access Tokencode (Temporary Fixed<br />
Tokencode or One-Time Tokencode set) to a disabled token.<br />
For example, a user calls because he or she left his or her SecurID token at the office.<br />
The user is currently at home and needs to authenticate immediately. Although the<br />
token is not lost, the user still requires temporary access. In this situation, you can<br />
generate an Temporary Fixed Tokencode for the user.<br />
98 4: Administering Users