SecurID OTP credential for SecurID Authenticator 5.1 for macOS

SecurID OTP credential helps you to safely sign in to your organization credentials using a PIN (something you know) and a OTP credential code (something you have). Use your SecurID OTP credential with the SecurID Authenticator app, which is represented by this icon in the App Store:

The following table describes the differences in the terminologies used in the app versions.

	SecurID Authenticator 5.0 App	SecurID Authenticator 5.1 App
User interface labels, messages, and values	Company ID	Organization ID
	Account	Credential
	Tokencode	SecurID OTP
	Token	SecurID OTP Credential
	Add	Add Credential

Get Started with SecurID Authenticator 5.1

Import a SecurID OTP credential

Set a PIN for SecurID OTP credential

Sign In to the Software Authenticator

Rename a SecurID OTP credential Card

Delete a SecurID OTP credential Card

View Information About My SecurID OTP credential Card

Manage Device Password

Migrate Existing AM OTP Credentials from RSA SecurID Software SecurID OTP Credential 4.2.3 to SecurID Authenticator 5.1

Troubleshoot Common Problems

Get Started with SecurID Authenticator 5.1

Before using the SecurID Authenticator 5.1 app to sign in to the software authenticator, you must register your macOS computer.

Before you begin 

You need a macOS computer.

Procedure 

1. In the Apple App Store, search SecurID Authenticator (Refer to the image below), and download the 5.1 version.

   

2. Open the app and click Get Started. Follow the Import a SecurID OTP credential process.

Import a SecurID OTP credential

You can import up to 10 SecurID OTP credentials to a macOS computer where the SecurID Authenticator app is installed. Your administrator will send you an Activation Code or Password, if required, and one of the following mails:

• Import OTP credential Using URL Link

• Import OTP credential Using Email File Attachment

You might have to also set a PIN.

If your macOS computer already has an OTP credential and if you want to add more, click (+) on the upper right corner of the app.

Import OTP credential Using URL Link

1. Open the SecurID Authenticator app.

2. Open your mail box email find an email from your administrator.

3. Open the email and click the hyperlink or copy the URL to a browser or into the app to activate your SecurID OTP credential.

Import OTP credential Using Email File Attachment

1. Open the SecurID Authenticator app.

2. Open your mail box and find the email from your administrator.

3. Open the attached file. Enter the password, if prompted to activate your SecurId OTP credential.

Set a PIN for SecurID OTP credential

Your administrator will inform you if you need to set a PIN immediately after importing a SecurID OTP credential. These instructions are general; if specific information is required, contact your IT Help Desk.

1. On your macOS computer, connect to your VPN client or a protected software authenticator. Enter your username. Leave the dialog box open.

2. Open the SecurID Authenticator app.

3. If your app displays Enter SecurID PIN, perform these steps. Else, go to step 4.

   1. Leave the PIN field blank and click Submit to view the OTP credential code.

      

   2. On your macOS computer, in the Passcode field, type the OTP credential code, without spaces, and click OK.

   3. When prompted, enter a PIN that contains 4 to 8 numeric digits. Note that the PIN should not begin with a zero.

   4. Confirm the PIN. You are then prompted for a passcode.

   5. In the app, return to the Enter SecurID PIN screen.

   6. Enter the PIN you created and click Submit.

      The passcode which is a combination of the PIN and OTP credential code is displayed.

   7. Go to the VPN client or the software authenticator sign-in screen. In the Passcode field, type the passcode without spaces. Click OK.

      After you set the PIN, you are ready to Sign In to the Software Authenticator.

4. If your app does not display Enter SecurID PIN, perform the following:

   1. In the VPN client or protected resource screen, enter your user name.

   2. In the Passcode field, enter the OTP credential code that is displayed in the app, without spaces, and click OK.

      The OTP credential code is displayed in app:

      

   3. When prompted, enter a PIN that contains 4 to 8 digits. Note that the PIN should not begin with a zero.

   4. Confirm the PIN. You are then prompted for a passcode.

   5. In the app, click Next Code.

      A OTP credential code appears.

   6. On your macOS computer, in the Passcode field, enter your PINthe OTP credential code in the same field, without spaces.

   7. Click OK.

      After you set the PIN, you are ready to Sign In to the Software Authenticator.

   Note:  You must reset your PIN. If you forget it or if it becomes compromised, use the reset method provided by your IT Help Desk.

   Sign In to the Software Authenticator

   Use your SecurID OTP credential to sign in to a software authenticator such as a VPN client.

   Tip: You can click the OTP credential code or passcode to copy it to a Software Authenticator on the same macOS computer.

   1. On your macOS computer, open the VPN client or a software authenticator.

   2. Enter your user name. Leave the sign-in screen open.

   3. Open the SecurID Authenticator app:

      

   4. Follow the steps that correspond to your app display.

      If your app displays Enter SecurID PIN:

      

      1. Enter your PIN in the app. Click Submit to view the passcode.

      2. In the VPN client or the software authenticator window, enter the passcode, without spaces.

      3. Click OK.

      If your app displays this:

      

      1. Enter one of the following in the VPN client or the software authenticator window:

         • If you have a PIN, enter the PIN plus the OTP credential code from the app, without spaces.

         • If you do not need a PIN, enter only the OTP credential code, without spaces.

      2. Click OK.

      Tip:Pull down to clear and re-enter your PIN.

Rename a SecurID OTP credential Card

Rename your OTP credential to instantly recognize it in the SecurID Authenticator app.

1. Open the SecurID Authenticator app.

2. Click Menu (...) on the upper right corner of the OTP credential card.

   

3. Click Rename.

   

4. Enter the name of your OTP credential.

5. Click Save.

Delete a SecurID OTP credential Card

You can delete the SecurID OTP credential from your macOS computer if it expires or is no longer needed.

1. Open the SecurID Authenticator app.

2. Click Menu (...) on the upper right corner of the OTP credential card.

   

3. Click Delete.

   

4. When prompted, click Delete to confirm.

View Information About My SecurID OTP credential Card

You can view the Name, Serial Number, and Device Name associated with your SecurID OTP credential.

1. Open the SecurID Authenticator app.

2. Click More (...) on the upper right corner of the OTP credential card.

   

3. Click Information.

Manage Device Password

You can secure your AM OTP Credentials by configuring your device password in SecurID Authenticator 5.1 App. If you are authorized, you can set a password to protect your AM OTP Credentials by clicking (...) More and Manage Device Password. This ensures that only you can access, view, and manage credentials.

To Set a Device Password

1. Click (...) More at the bottom of the App and click Manage Device Password.

   
   

2. Enter the password in New Password and Confirm New Password fields.

3. Click Set Device Password.

   

4. (Optional) Click View Password to view list of AM OTP credentials that are protected by the new password.

To Change the Device Password

1. Click (...) More at the bottom of the App and click Manage Device Password.

2. Click Change Device Password.

   
   

3. Enter your current device password.
   

4. Enter a new password in the New Password and Confirm New Password fields.

5. Click Change Device Password.

   

To Remove Device Password

Removal of the device password removes the additional protection set for your AM OTP credentials registered on your local hard drive.

1. Click (...) More at bottom of the App and click Manage Device Password.

2. Click Remove Device Password.

   

3. Enter your current device password.

4. Click Remove Device Password.

   

Clear All AM OTP Credentials and Device Password

If the device password is forgotten, then all the AM OTP credentials in the device must be cleared and new credentials must be requested.

1. Click (...) More at the bottom of the App and click Manage Device Password.

   

2. Click Clear AM OTP Credentials.

3. Click Continue to confirm.

   

4. Click OK.

Migrate Existing AM OTP Credentials from RSA SecurID Software SecurID OTP Credential 4.2.3 to SecurID Authenticator 5.1

Admin should download migration helper app from RSA Community Link which is present under the SecurID Authenticators section. If the users want to migrate the AM OTP credentials to the latest app, they have to run this migration helper app.

Pre-requisite:

Follow the below procedure to download migration helper app:

1. Download and extract the RSA_SecurID_Migration_Helper_1_0_for_macOS.zip file.

2. Click and run SecurIDMigrationHelper.app application to migrate the RSA keychain entries.

3. (Optional) Enter the login keychain password.

   

4. Read the instructions seen on the helper app dialog window, click Ok to proceed.

5. After the successful execution of the app, launch open the latest SecurID Authenticator to migrate the SecurID OTP Credentials from RSA SecurID Software OTP Credential 4.2.3.

Note:  If user removes or resets or changes the device password, then the user has to run the migration helper app again.

Procedure:

1. If the RSA SecurID Software OTP Credential 4.2.3 is installed with a custom Database file, then, on initial launch of SecurID Authenticator 5.1 App, click Browse to select the Database file. After that, select the pre-selected file and click Open.

2. Click Continue.

3. (Optional) If the device password is enabled in RSA SecurID Software OTP Credential 4.2.3 or SecurID Authenticator 5.1, then enter the device password of 4.2.3 App or SecurID Authenticator 5.1 to complete the migration.

4. On successful migration, a count of SecurID OTP Credentials migrated from 4.2.3 to 5.1 is displayed.

5. Click OK.

Note:  
To skip the migration, can click Skip for now or Cancel.
The procedure is displayed only if the RSA SecurID Software OTP Credential 4.2.3 App is configured with the Custom Database file.

On every launch of SecurID Authenticator 5.1 app, an attempt to automatically migrate AM OTP credentials present in RSA SecurID Software OTP Credential 4.2.3 app is made. All AM OTP credentials are migrated to the SecurID Authenticator 5.1 until it reaches the limit of 10.

If a device password is set either in RSA SecurID Software OTP Credential 4.2.3 or SecurID Authenticator 5.1, then it must be entered during the migration process .

SecurID Authenticator supports a maximum of 10 AM OTP Credentials which includes credentials that are already present in SecurID Authenticator 5.0 and the credentials migrated from RSA SecurID Software OTP Credential 4.2.3. After reaching the maximum number of AM OTP credentials, if a user wants to add more AM OTP credentials, then the existing AM OTP credentials from 5.1 should be deleted.

Note:  On every launch of SecurID Authenticator, if a new or unmigrated AM OTP credential is present in RSA SecurID Software OTP Credential 4.2.3, then an attempt to migrate to SecurID Authenticator 5.1 is made.

Troubleshoot Common Problems

I am unable to authenticate. What should I do?

1. Re-enter the PIN to make sure you entered it correctly.

   If the PIN does not work, enter the PIN + OTP credential code in the Passcode field in the resource (such as a VPN client) that you want to access.

2. Use your organization's self-service portal to check if your OTP credential is disabled, locked, or expired. If any of these are the case, contact your IT Help Desk.

3. If you still cannot authenticate, contact your IT Help Desk.

My PIN is lost or it has been discovered by someone else.

You must reset your PIN. Use the self-service console your organization provides or perform as instructed by your IT Help Desk.

I am being prompted to enter the next OTP credential code. What does that mean?

You might occasionally be prompted for Next OTP credential code after you enter your PIN and OTP credential code. If this happens, do the following:

1. In the app, click the arrow next to the OTP credential code.

   

2. In the VPN client or the software authenticator, enter or copy (click) the next OTP credential code that displays in the app.

If migration fails, what should I do?

Refer to the table below to find the resolution for your issues.

Issue	Resolution
Unable to migrate the AM OTP from RSA SecurID Software 4.2.3 to new SecurID Authenticator 5.1	Run the SecurIDMigrationHelper app and relaunch the SecurID Authenticator 5.1 App.
The Device password on RSA SecurID Software 4.2.3 is updated and a new AM OTP credential is imported.
Migration was incomplete or failed because the maximum limit was reached.	Delete an existing AM OTP credential from SecurID Authenticator 5.1.
Unable to launch or run the SecurIDMigrationHelper app.	Collect and share Console logs related to SecurIDMigrationHelper app to IT Help Desk.