Approve, Authenticate SecurID OTP, and Biometrics

The Authenticator 4.2.0 app for iOS and Android helps you access your company's protected resources by providing multifactor authentication with Approve (push notifications), Authenticate SecurID OTP credential, and Biometrics. The app icon looks like this in the app stores:

The following table describes the differences in the terminologies used in the app versions:

	SecurID 4.0 App	Authenticator 4.1.5 App and later
App name	SecurID	Authenticator
User interface labels, messages, and values	Company ID	Organization ID
	Account	Credential
	Tokencode	SecurID OTP
	Token	SecurID OTP Credential
	Add	Add Credential

New User or Upgrading? Get Started with Authenticator App

Migrate Credentials from RSA Authenticate App

Add a Credential

Rename a Credential

Unregister an Authenticator App

Manage a System Backup/Restore

Send Logs for Troubleshooting

Share Binding ID

New User or Upgrading? Get Started with Authenticator App

Before using the Authenticator app to sign in to applications, you must register it first from My Page.

Register Using My Page

Sign into My Page. Your administrator sends the URL to you.
Click My Authenticators tab.
Click Register an authenticator.
Select SecurID App.
Follow the instructions. You are prompted to download the app and register it using either a QR code or numeric registration code. Download the Authenticator 4.1.5 app from the Apple App Store or Google Play. Search for SecurID Authenticator, which looks like this:

Open the app and tap Get Started. Follow the prompts to add a credential.

If you want to add more accounts, tap the plus sign (+) in the upper right corner of the screen and follow the prompts. You need a new Registration Code or URL for each account.

Sign In to Applications

Use the Authenticator app when you access an application.

Enable Push Notifications on Your Device

Depending on the configured authentication methods, you may receive approval or biometrics notifications on your application. You must respond to these notifications in order to access a protected resource, and make sure notifications are enabled on your mobile device.

If you have disabled or not received notifications, try swiping down from the top of the screen to refresh and receive the notifications within the app.

Different Ways to Sign In

Your administrator determines which authentication options you can use.

Authentication Option	How to Use This Option
Approve	RSA sends a notification to your device. In the app, tap Approve (check mark). You can also tap an interactive notification on the device or on an Apple Watch or Android Wear watch paired to the device. You might be prompted to unlock your device after you tap Approve in the notification. Tap X if you did not request access to an application. See how it works. If the confirmation code configuration is enabled by the administrator, you will see a code on the Approve notification. You can compare this code with the code that is shown on the screen from where the request was originated (for example, VPN client) and approve it if the code matches.
Authenticate OTP	In your Authentication interface, enter the Authenticate one-time password (OTP) that appears on the app home screen. The credential name appears on the credential card. The Authenticate OTP is an eight-digit number that changes every 60 seconds. If you are using the app and accessing the protected application on the same device, you can tap the OTP to copy it to the clipboard, and then paste it in the Authentication interface. Your administrator may require additional authentication (for example, a biometric or a PIN) before viewing the SecurID Authenticate OTP. The app prompts you to create a PIN thatis only used for viewing the Authenticate OTP. Tap View Authenticate OTP on the app and follow the instructions. You can authenticate to view the SecurID Authenticate OTP if your device is online or offline.
Biometrics	RSA sends a notification to your app and prompts you to authenticate using a biometric option available on your device, such as Fingerprint, Face ID (iOS), or face recognition (Android). Be sure to set up biometrics on your device. If your device does not support biometrics, this method will not be available.
QR Code	When using QR code as an authentication method, a QR code is displayed in your authentication interface. You can then scan it with your authenticator app (or directly from the Camera app on your device) and then tap Allow to approve the sign in request.

Authentication Option

How to Use This Option

Approve

RSA sends a notification to your device. In the app, tap Approve (check mark). You can also tap an interactive notification on the device or on an Apple Watch or Android Wear watch paired to the device. You might be prompted to unlock your device after you tap Approve in the notification. Tap X if you did not request access to an application.

See how it works.

If the confirmation code configuration is enabled by the administrator, you will see a code on the Approve notification. You can compare this code with the code that is shown on the screen from where the request was originated (for example, VPN client) and approve it if the code matches.

Authenticate OTP

In your Authentication interface, enter the Authenticate one-time password (OTP) that appears on the app home screen. The credential name appears on the credential card.

The Authenticate OTP is an eight-digit number that changes every 60 seconds. If you are using the app and accessing the protected application on the same device, you can tap the OTP to copy it to the clipboard, and then paste it in the Authentication interface.

Your administrator may require additional authentication (for example, a biometric or a PIN) before viewing the SecurID Authenticate OTP. The app prompts you to create a PIN thatis only used for viewing the Authenticate OTP.

Tap View Authenticate OTP on the app and follow the instructions. You can authenticate to view the SecurID Authenticate OTP if your device is online or offline.

Biometrics

RSA sends a notification to your app and prompts you to authenticate using a biometric option available on your device, such as Fingerprint, Face ID (iOS), or face recognition (Android). Be sure to set up biometrics on your device. If your device does not support biometrics, this method will not be available.

QR Code

When using QR code as an authentication method, a QR code is displayed in your authentication interface. You can then scan it with your authenticator app (or directly from the Camera app on your device) and then tap Allow to approve the sign in request.

Migrate Credentials from RSA Authenticate App

When you first open the Authenticator app or register your credentials, you will be prompted to migrate your existing credentials from RSA Authenticate app to the Authenticator app.

Note: Migrating credentials from RSA Authenticate app to the Authenticator app is a new feature of the Authenticator v4.2.0.

Procedure

Open the app.
On the home screen, tap More… in the lower right corner.
Tap Migrate credentials from Authenticate app.
Tap Yes, migrate when prompted.

Add a Credential

You can add multiple credentials to a single mobile authenticator for the same organization. Each credential must use a different username. For example, you can register an Authenticator app with Organization A, then add credentials using username1@example.com for Credential 1 and username2@example.com for Credential 2. Or you can add credentials for the same organization to different Authenticator apps, using a different username for each credential.

The Authenticator app can manage up to ten credentials. Your administrator must send you a new Registration Code or URL for each credential.

Procedure

Open the Authenticator app.
Tap the plus sign (+) in the upper right corner of the app screen.
Follow the prompts to complete registration.

Rename a Credential

You can rename a credential card to make the names more meaningful to you.

Open the Authenticator app.
Tap the menu icon (...) in the upper right corner of the credential card.
Tap Rename.
Enter the name of your credential.
Tap Save.

Register a New Mobile Authenticator App

You can replace your old Authenticator app that was previously registered on an existing device by the new Authenticator app on a new device.

Procedure

Go to My Page and delete the existing account.

If you had multiple accounts on the old device, go to a separate My Page for each account.
Download the Authenticator app from the app store. Search for SecurID Authenticator, which looks like this:
Open the app and tap Get Started. Follow the prompts to add a credential.
To add more credentials, tap the plus sign (+) in the upper right corner of the screen and follow the prompts.

Unregister an Authenticator App

Procedure

Open the Authenticator app on your device.
On the organization credential card, tap the menu (...) in the top right corner.
Tap Delete.
Confirm the delete when prompted.
Continue for every account.
Sign in to My Page.
Click the trash icon next to your authenticator.

Note: Your administrator can disable this option.

Manage a System Backup/Restore

You may need to do a system back up and restore, for example when upgrading to a new device. Be aware that the following information is not included in the system backup.

Device Operating System	Not Included in System Backup
iOS	App data
Android	Authenticator app

After you restore the device from a system backup, perform these steps to continue using the Authenticator app on the restored device.

Procedure

Notify your IT Help Desk that you restored your device. They need to send you a new Registration Code or URL for each credential you need to use, or a link to a site where you can scan a QR code.
Go to My Page and delete the application registered before the backup.

If you had multiple credentials , go to a separate My Page for each credential.
Download the Authenticator app from the app store. Search for SecurID Authenticator, which looks like this:
Open the app and tap Get Started. Follow the prompts to add a credential.
To add more credentials, tap the plus sign (+) in the upper right corner of the screen and follow the prompts.

Send Logs for Troubleshooting

The Authenticator app automatically creates log files that are used to diagnose problems. Send log files to your administrator or IT Help Desk if they request these files.

Procedure

Open the app.
On the home screen, tap More… in the lower right corner.

Tap Email Logs.

When prompted, describe the issue.
Select the app through which you want to send the logs to your administrator or IT Help Desk.

Share Binding ID

A binding ID is a unique, 24-character long device ID. You can copy the ID and share it if required.

Procedure

Open the app.
On the home screen, tap More… in the lower right corner.
Tap About.
Tap the Share icon next to the Binding ID.
Select the app through which you want to share your Binding ID.