Authenticating using emergency access tokencodes containing special characters does not work with RSA Authentication Agent 2.0 for Microsoft AD FS

4 years ago

Originally Published: 2019-02-21

Article Number

000044708

Applies To

RSA Product Set: SecurID
RSA Product/Service Type: Authentication Agent for AD FS
RSA Version/Condition: 2.0

Issue

If the emergency access tokencode has special characters in it, emergency access tokencodes do not work in the RSA Authentication Agent 2.0 for Microsoft AD FS.

The error observed is as follows:

You must enter a passcode

There will be no messages in the real-time authentication activity monitors regarding authentication failure.

Workaround

A workaround would be to edit the token policy in Authentication Manager to not 'Include special characters' resolves the issue.

To edit the token policy,

Login to Security Console.
Navigate to Authentication > Policies > Token Policies > Initial Token Policy (or the relevant token policy).
Click Edit.
At the bottom of the page under Emergency Access Code Format, make sure the following are checked:

Include numeric characters
Include alphabetic characters

Uncheck the option for Include special characters.
Click Save.
Authentication will work fine with letters, numbers or both.

Don't see what you're looking for?

Potential Impact from Salesforce Device Activation Change

Related Articles

Trending Articles