Configure Emergency Access for Provisioning
Before a user can troubleshoot a token and get emergency access tokencodes through the Self-Service Console, you must configure emergency access for provisioning.
The emergency access tokencodes are the following:
Temporary Fixed Tokencode (TFT). A temporary tokencode that is combined with the user’s PIN to create a passcode. The user can use this tokencode more than once. You can configure the expiration date and other temporary fixed tokencode attributes.
One Time Tokencodes (OTT). A set of tokencodes, each of which can be used only once, and is used with the user’s PIN to create a passcode. You can specify how many tokencodes are in the set.
On-Demand Authentication (SMS-based generation). A service that allows users to request on-demand tokencodes delivered by text message or e-mail, instead of tokens. You configure the on-demand tokencode service for requests using the Security Console. Users must be enabled to receive on-demand tokencodes before they can request them.
Procedure
In the Security Console, click Setup > Self-Service Settings.
Click Manage Authenticators.
In the Emergency Access Tokencode Settings section, select Allow user to place token in emergency access mode, and select the following:
To allow users to get emergency access tokencodes, select Token Code (Token-based generation), and specify whether you want users to receive a temporary fixed tokencode, or a set of one-time tokencodes.
To allow users to get emergency on-demand tokencodes, select On-Demand Authentication (SMS-based generation) and enter the number of days for the emergency access SMS token lifetime.
In the Emergency Access Tokencode Settings for Permanently Lost or Broken Tokens section, use the Emergency Access Tokencode Lifetime fields to enter the length of time you want emergency access tokencodes to remain active.
In the Emergency Access Tokencode Settings for Temporarily Unavailable Tokens section, do the following.
Use the Emergency Access Tokencode Lifetime fields to enter the length of time you want emergency access tokencodes to remain active.
Use the If token becomes available buttons to specify how AM handles a lost token that is found and used to authenticate.
In the Expiring Token Parameters field, enter the length of time before a token expires that users can request a replacement token.
Click Save.
Related Articles
Edit Emergency Access Code Format Requirements Number of Views Assign a Set of One-Time Tokencode for Online Emergency Access Number of Views Emergency Access for Cloud Access Service Users Number of Views Cloud Access Service - Authentication Methods and Emergency Access Number of Views Provide an Offline Emergency Access Tokencode Number of Views
Trending Articles
Downloading RSA Authentication Manager license files or RSA Software token seed records RSA Release Notes for RSA Authentication Manager 8.8 RSA Authentication Manager 8.9 Release Notes (January 2026) Download RSA SecurID Access Cloud User Event audit logs using Cloud Administration REST API CLU RSA SecurID Software Token 5.0.2 for Windows Desktop displays message after reboot due to roaming profile: No token stor…
