Dynamic Seed provisioning using QR Code
Originally Published: 2015-02-17
Issue
- Administrative setup:
- Add software token profile (that supports the QR code)
- Distribute Software token
- Token provisioning request by end user from self-service console
- Import software token by end user from self-service console
Resolution
Dynamic Seed Provisioning Using QR Code
The QR Code feature is supported by the following:
- RSA SecurID Software Token 2.x for iOS
- RSA SecurID Software Token 2.x for Android
Activate QR Code
- Add software token profiles that support QR codes (2.x for iOS / 2.x for Android):
Authentication → Software Token Profiles → Add New → Import new device definition file (if 2.x is not found in the device type) → Save.
- Under Profile Settings tab:
- Delivery Method: Choose Dynamic Seed Provisioning (CT-KIP)
- Under CT-KIP: Select User imports token via QR code in Self-Service Console (Recommended for High Security)
Distribute Software Token
- Choose the Software Token Profile (Android 2.x / iOS 2.x)
- Save and distribute (you will find Delivery Method → Dynamic Seed Provisioning (using QR code))
- Submit job
- Download output file
Distribute in Bulk
- Navigate to: SecurID Tokens → Distribute Software Tokens in Bulk → Generate Dynamic Seed Provisioning Credentials
- Choose the Software Token Profile (Android 2.x / iOS 2.x)
- Select the serial number ranges of the tokens → Next
- Confirm Delivery Method → Dynamic Seed Provisioning (using QR code)
- Submit job
- Download output file
Self-Service Console
- Allow users to request token profile from the Self-Service Console:
Setup → Self-Service Settings → Software Token Profiles Available for Request
- Allow users to request (Android 2.x / iOS 2.x) profile software tokens
- Choose one of these profiles as default
Enable CT-KIP URL if QR Code is not working
Setup → Self-Service Settings → Customization Tab → Enable and Disable Self-Service Features
- QR Code Fallback Option: Allow email delivery of CT-KIP URL if user cannot scan QR Code
Token Provisioning Scenario
- User requests a token from the Self-Service Console and selects a token profile (Android 2.x or iOS 2.x)
- Admin approves the request from: Security Console → Administration → Provisioning Request
- User receives an email confirming the request is approved and token needs activation
- User activates the token and the QR code is displayed (valid for 5 minutes only)
- User scans the QR Code and starts using the token
- If QR code is not working, choose Send Activate Token Link (CT-KIP URL)
Thank you
Notes
Email option must be enabled
Only applicable for iOS and Android
End user must be on the same network as the Authentication Manager (dynamic seed provisioning) unless there is a web tier