Identity Attribute Definitions for On-Demand Tokencode Delivery by E-Mail
If you want to deliver on-demand tokencodes by e-mail, you must ensure that AM can access the database attribute where you store users’ e-mail addresses.
Use the following table to determine whether additional configuration is required.
Identity Sources In Your Deployment | Configuration |
Internal database | Select E-Mail to use the e-mail configured for the user and stored in the internal database. Make sure that the configured e-mail address does not require the user to authenticate using an on-demand tokencode. If the e-mail address requires the user to authenticate with an on-demand tokencode, the user cannot retrieve the tokencode. In this case, create an identity attribute definition in the internal database that can store an e-mail address that does not require the user to authenticate with an on-demand tokencode. |
At least one LDAP directory identity source that contains e-mail addresses | Select E-Mail to use the attribute you mapped to the E-Mail field when you configured the identity source. Make sure that the configured e-mail address does not require the user to authenticate using an on-demand tokencode. If the e-mail address configured in your directory requires the user to authenticate with an on-demand tokencode, the user cannot retrieve the tokencode. In this case, create an identity attribute definition, and map it to an LDAP attribute where you store a user e-mail address that does not require the user to authenticate with an on-demand tokencode. |
At least one LDAP directory identity source, and you want to use the e-mail address value in the LDAP directory “mail” field. | No attribute mapping required. When you add an LDAP directory, AM automatically links to the “mail” attribute in an LDAP directory. When you configure on-demand tokencode delivery, select “mail” from the User Attribute to Provide SMS Destination drop-down menu on the SMS Configuration page. |
At least one LDAP directory identity source, and you want to use the e-mail address value in an LDAP directory field other than the “mail” field. | You may edit the “E-mail” identity attribute definition in AM or create a new one, so that it maps to the LDAP directory attribute that you want to use for e-mail addresses. For more information, see Edit an Identity Source. When you configure on-demand tokencode delivery, select “mail” from the User Attribute to Provide SMS Destination drop-down menu on the SMS Configuration page. |
At least one LDAP directory identity source, and you want to store user e-mail addresses in the internal database because the LDAP directory does not contain e-mail addresses. | You must create an identity attribute definition for user e-mail addresses that is always stored internally. When you configure on-demand tokencode delivery, select the attribute that you created from the User Attribute to Provide SMS Destination drop-down menu on the SMS Configuration page. |
Related Articles
Enable Users to Update Phone Numbers and E-mail Addresses Number of Views On-Demand Tokencode Delivery by Mobile Phone or E-Mail Number of Views RSA Identity Governance and Lifecycle email not being sent due to javax.mail.MessagingException: Could not connect to SMTP… Number of Views How to Add HSTS headers to Authentication Manager, AM service responses, even for invalid URLs which return error such as 404 Number of Views Some authenticators are only available "With Additional Purchase" on the RSA SecurID Access Cloud Administration Console's… Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.9 Release Notes (January 2026) An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide
