Manage Temporary Access Codes
Temporary Access Codes can be used to log in when a user cannot access their one-time passcode (OTP) or Entrust Soft Token authenticator (for example, if a user has misplaced the mobile device containing their Entrust Soft Token mobile application).
Note: Temporary Access Codes can also be used as a standalone authenticator rather than as a substitute, but Entrust Datacard recommends using temporary access codes only for interim authentication.
You can limit the Temporary Access Code to a number of uses or a period of time. For example, you can limit the use of the Temporary Access Code to a single use or a 24-hour period.
Temporary Access Codes are different from one-time password (OTP) authenticators. A Temporary Access Code can be used multiple times over a configurable period. An OTP is a single-use authentication code sent to a user's phone, mobile device, or email address during authentication. Temporary Access Codes are not sent to users during authentication.
A user cannot see the Temporary Access Code they have been assigned on the user portal. Administrators must provide the Temporary Access Code to the user. A user is assigned only one Temporary Access Code. If a temporary access code has expired, you must delete it before you can assign a new one to a user.
Prerequisites for Using Temporary Access Code
A Temporary Access Code can only be used for authentication if:
- It has been assigned to the user
- It has not expired
- It has not reached the maximum number of uses allowed
- The resource rule controlling access to the account allows Temporary Access Codes to be used for authentication.
Modify Temporary Access Code Settings
If a Temporary Access Code has expired or is about to expire, you can modify the expiry information so that a user can still authenticate with it. Modify the Temporary Access Code if the user still does not have a new authenticator (a token, for example) when the Temporary Access Code expires.
Any changes made to temporary access codes take effect the next time they are used for authentication.
Tip: You can click Undo to reverse any modified settings that have not been saved. Clicking Undo does not revert these settings to their default value.
- Click Main Menu > Administration > Policies > Authenticators. The Authenticators page opens.
- Select Temporary Access Code from the left-side menu. The Temporary Access Code settings open.
- Modify the following settings as required:
  - Set Length to the number of characters or digits that can be included in a user's Temporary Access Code.
  - Set Alphabet to the numbers and characters that can be included in each user's Temporary Access Code. The alphabet characters must be unique. No white spaces can be included.
  - Select Case Sensitive to make the values entered in the Alphabet sensitive to whether the letters included are upper or lower case. When Case Sensitive is not selected, the Alphabet must contain either upper or lower case letters but not both.
  - Select Replace Similar Characters if you want to replace similar-looking characters in a response. For example, replace O with 0 and I with 1.
  - Set Maximum Uses to the number of times the Temporary Access Code can be used to complete an authentication challenge. Setting the field to 0 allows the authenticator to be used an infinite number of times.
  - Set Lifetime (secs.) to the amount of time in seconds before a Temporary Access Code expires.
  - Select the Enable Admin Contact check box to specify if an admin contact message displays on the Temporary Access Code login page.
- Click Save to confirm changes to the Temporary Access Code settings.
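The following sketch is an added example, not Entrust code: it checks a proposed policy against the Alphabet rules above, estimates the keyspace of a code in bits, and flags a Maximum Uses value of 0. The look-alike fold table, the function names, the assumption that codes are drawn uniformly at random, and the sample policy are all assumptions made for illustration.

```python
import math

# Assumed look-alike fold; the page names only O -> 0 and I -> 1 as examples.
SIMILAR = {"O": "0", "I": "1"}

def alphabet_problems(alphabet, case_sensitive):
    """Check the Alphabet rules stated above: unique, no white space, one case."""
    problems = []
    if any(ch.isspace() for ch in alphabet):
        problems.append("contains white space")
    if len(set(alphabet)) != len(alphabet):
        problems.append("characters are not unique")
    mixed = any(c.isupper() for c in alphabet) and any(c.islower() for c in alphabet)
    if not case_sensitive and mixed:
        problems.append("mixes upper and lower case while Case Sensitive is off")
    return problems

def distinct_symbols(alphabet, case_sensitive, replace_similar):
    """Count symbols that stay distinguishable after case and look-alike folding."""
    symbols = set()
    for ch in alphabet:
        if not case_sensitive:
            ch = ch.upper()
        if replace_similar:
            ch = SIMILAR.get(ch, ch)
        symbols.add(ch)
    return len(symbols)

def keyspace_bits(length, alphabet, case_sensitive, replace_similar):
    """Bits of entropy, assuming a uniformly random code: length * log2(symbols)."""
    n = distinct_symbols(alphabet, case_sensitive, replace_similar)
    return round(length * math.log2(n), 1) if n else 0.0

def review_policy(p):
    """Return (findings, keyspace bits) for a dict of the settings listed above."""
    findings = alphabet_problems(p["alphabet"], p["case_sensitive"])
    if p["maximum_uses"] == 0:
        findings.append("Maximum Uses is 0: code is reusable until Lifetime ends")
    bits = keyspace_bits(p["length"], p["alphabet"],
                         p["case_sensitive"], p["replace_similar"])
    return findings, bits

# Constructed sample policy, not a product default.
SAMPLE = {"length": 8, "alphabet": "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789",
          "case_sensitive": False, "replace_similar": True, "maximum_uses": 0}

if __name__ == "__main__":
    print(review_policy(SAMPLE))
```

With the sample policy, folding O into 0 and I into 1 leaves 34 distinguishable symbols out of 36, so the keyspace is slightly smaller than the raw alphabet suggests.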
Assign a Temporary Access Code
- Click Main Menu > Members > Users. The Users List page opens.
- Click the User ID of the user to whom you want to assign the temporary access code. The User Details page appears.
- Click the Authenticators tab. The Authenticators page opens showing a list of authenticators assigned to the user.
- Click Add. A drop-down list of authenticators opens.
- Select Temporary Access Code. The Temporary Access Code is added to the user's list of authenticators. You need to send the code to the user.
- To get the temporary access code, on the user's Authenticators page, click and select Details. The Temporary Access Code Details page appears.
- Copy the text in the Code field. This is the temporary access code. Share the code with the user.
- Click OK to close the Temporary Access Code Details page.
Note: You cannot create more than one Temporary Access Code for each user. To create a new Temporary Access Code, you must first delete the user's current Temporary Access Code, if there is one. If you need to delete the temporary access code, click and select Delete and click Delete on the confirmation prompt.