WIXLIB

User GuideRSA SecurIDToken RequestsOverviewWhat is RSA SecurID?RSA SecurID is a multi-factor authentication technology that is used to protect network services. The RSA SecurIDauthentication mechanism consists of a “token”, either hardware or software, which is assigned to a user, andgenerates a dynamic authentication code at fixed intervals. That code is then used when logging into a protectedservice from outside a network (e.g. from a home Internet connection, public Wi-Fi hotspot).Use this link below to watch a RSA YouTube video that can help users learn more about RSA SecurID tokens.https://www.youtube.com/watch?v BRCeHdhfWm0&index 25&list PL69kuTXA1IavzxE6Q6jM D1ctlsk-s6o6What is Multi-Factor Authentication (MFA)?Multi-factor authentication (MFA) is a security feature that works to protect your account. It adds an extra layer ofprotection when you access secure services online by requiring two or more unique factors to verify a user’sidentity. When you log into New York State services protected by MFA, this feature lets us know it’s you accessingyour account.Why MFA and RSA SecurID for New York State?MFA is an important step in protecting New York State’s critical information assets. Using MFA will reduce risk toboth New York State and users. MFA helps guard against fraudulent online activities like Phishing scams andidentity theft.As the Office of Information Technology Services broadly implements MFA across the enterprise, we are betterprotecting NYS critical information technology assets by providing a higher level of security to verify the identity ofour users.RSA SecurID Authentication User GuideThis manual is designed to guide users through the process of requesting an ITS-issued token (software orhardware). For users who request a software token, this guide will instruct you on how to download the RSASecurID App and how to import your software token.Need Help?Your Service Desk is ready to help you! If you experience any issues or need assistance, please contact theEnterprise Service Desk (or your local Service Desk), email fixit@its.ny.gov or chat online with a Service DeskRepresentative at chat.its.ny.gov/.Rev. Jan. 2017Page 1 of 34

User GuideRSA SecurIDToken RequestsTable of ContentsSection I: Requesting a Token (Hardware or Software Token)Section I guides requestors through the registration process, which takes approximately 10 minutes. Users mayrequest a hardware or software token.If you have a state-issued device, such as a smart phone or tablet,you are required to obtain a software token.Section II: Enabling the Hardware Token and Setting the PIN (Hardware TokensOnly)Section II guides hardware token users through the process of enabling the hardware token and setting a PINbefore using. This process is completed only after you receive your hardware token.Section III: Downloading the RSA SecurID Software Token Application (SoftwareTokens Only)Section II guides users who request a software token through the process of installing the software on theirmobile device.Section IV: Importing Your Token (Software Tokens Only)Section III takes approximately 10 minutes to complete, and helps users successfully import the RSAsoftware token.Section V: Troubleshooting Your Token (Hardware or Software Token)Section V guides users through common token and PIN troubleshooting issues .Rev. Jan. 2017Page 2 of 34

User GuideRSA SecurIDToken RequestsSection I: Requesting a Hardware or Software TokenUsers requiring a token may request a hardware or software token.What type of token is right for me?A hardware token is a small physical device (often referred to as a fob) that produces a secure and dynamic codefor each use and displays it on a built-in LCD display.A software token is deployed to your mobile device (e.g., smartphone or tablet). To use your software token youwill need to install the RSA software on a mobile device. The RSA software can be downloaded to either a stateissued device, or any personal device you use. Note: if you have a state-issued device, such as a smart phoneor tablet, you are required to obtain a software token.Both types of tokens perform the same tasks, however, software tokens are super convenient. They can be usedon the device you already have, and do not require you to carry anything extra with you.Before you begin make sure you: Have at least 10 minutes to complete this process Read through the instructions Have access to a device with an Internet connection Have decided on which type of token is right for you If you choose a software token, you will need to know what type of operating system supports your device.Operating systems compatible with RSA SecurID tokens are as follows. iOS Android Windows Blackberry Series: Click here to identify Blackberries in the Blackberry 10 series Blackberry 10 Series: Click here to identify Blackberries in the Blackberry seriesYour Service Desk can assist in determining your operating system. For help, please contact the EnterpriseService Desk at 1-844-891-1786 (or your local Service Desk), email fixit@its.ny.gov or chat online with a ServiceDesk Representative at chat.its.ny.gov/.Rev. Jan. 2017Page 3 of 34

User GuideRSA SecurIDToken RequestsFollow the steps outlined in this section to request a hardware or software token.Step 1: Navigate tohttps://mytoken.ny.gov.You will land directly atthe Self-Service Console.Step 2: Enter your emailaddress (firstname.lastname@agency.ny.gov)in the User ID box. Thenclick Ok.Step 3: Choose yourAuthentication Method bySelecting Passwordfrom the dropdown andClick the Log On button.Rev. Jan. 2017Page 4 of 34

User GuideRSA SecurIDToken RequestsStep 4: Enter yourOffice365 Password(this is the samepassword you use to logonto your computer andemail) and select LogOn.Step 5: Click the Set Uplink to set up yourSecurity Questions. Setup is a prerequisite totoken approval.Step 6: Select 5security questions inthe language of choice(answers will not be casesensitive). Oncecomplete, select SubmitYour Request. Securityquestions provide futureverification of userauthentication.Rev. Jan. 2017Page 5 of 34

User GuideRSA SecurIDToken RequestsStep 7: Oncesuccessfully completedyou will receiveconfirmation. SelectRequest a new token.Step 8: Choose the typeof token from the dropdown menu. You canchoose either a softwaretoken or a hardwaretoken. If you choose aHARDWARE token,proceed to Step 9.If you chose aSOFTWARE token, clickhere to jump to Step 12.Rev. Jan. 2017Page 6 of 34

User GuideRSA SecurIDToken RequestsStep 9: For HardwareToken Requests Only.If you chose ahardware token, enter areason for the tokenrequest. For example, “toaccess VDI”. Confirm oredit your mailingaddress. Select Submitwhen complete.Step 10: You willreceive confirmationonce your request issubmitted.Your hardware tokenrequest is nowcomplete.Proceed to Step 11 oninformation related totoken approval.Rev. Jan. 2017Page 7 of 34

User GuideRSA SecurIDToken RequestsStep 11: Once yourtoken request isapproved you willreceive an emailnotification fromEnterprise.RSA.Prod@its.ny.gov advising youof your token status.Please retain this emailuntil you receive yourtoken. The enablementcode will be required toenable your token.Once you receive yourtoken refer to Section IIto enable yourhardware token and setyour PIN.Note: Token requests areapproved by a TokenAdministrator and notautomatically generatedby the system.Rev. Jan. 2017Page 8 of 34

User GuideRSA SecurIDToken RequestsStep 12: For SoftwareToken Requests OnlySelect the radio buttonnext to the operatingsystem that powersyour mobile device.Please note: Samplemobile phone photos areincluded, however, anRSA token may beimported into any mobiledevice (phone or tablet)provided it is powered byone of the operatingsystems indicated.Your specific ServiceDesk can assist indetermining youroperating system.Note: Users shouldchoose a token profilethat begins with the word“Enterprise” followed bytheir device operatingsystem. The “SupportUse Only” token shouldnot be requested by endusers.Rev. Jan. 2017Page 9 of 34

User GuideRSA SecurIDToken RequestsStep 13: After selectingyour device, scrolldown to create a 1)nickname for the token(e.g. Mike’s Token). 2)PIN between 4 and 8characters (a numberyou can easilyremember), and 3)Reason for the tokenrequest. (e.g. “to accessVDI”). Select Submitwhen complete.Note: Do not edit the prepopulated device serialnumber field. Thisnumber simply serves asa placeholder. Deviceserial numbers are notrequired.Step 14: You will receiveconfirmation once yourrequest is successfullysubmitted. Click Ok.Proceed to Section III:“Downloading the RSASecurID App”.Note: Token requests areapproved by a TokenAdministrator and notautomatically generatedby the system.Rev. Jan. 2017Page 10 of 34

User GuideRSA SecurIDToken RequestsSection II: Enabling the Hardware Token and Setting the PINHardware token users must enable the hardware token and set a PIN before using. This process is completedonly after you receive your hardware token. Follow the steps outlined in Section II to enable your hardwaretoken and set your PIN.Before you begin make sure you: Have your hardware token in hand Have access to a device with an Internet connection Have at least 2 minutes to complete this process Review the instructionsStep 1: Once you haveyour hardware token, youare ready to enable yourtoken. Open the emailnotification you previouslyreceived fromEnterprise.RSA.Prod@its.ny.gov.Note: If you misplaced ordeleted this email contactthe Enterprise Service Deskor your local Service Deskfor assistance.Rev. Jan. 2017Page 11 of 34

User GuideRSA SecurIDToken RequestsStep 2: Verify that theserial number in the emailmatches the serial numberon the back of the tokenyou received. Your tokenserial number is the 9-digitnumber on the back of yourRSA SecurID hardwaretoken. It can also be foundin the self-service consoleby clicking view details nextto the token image.Important: If the numberon the back of the RSASecurID hardware tokendoes not match the serialnumber listed in the emailSTOP. You will need tonotify your specificService Desk as you mayhave been issued anincorrect SecurIDhardware token.000155302827Step 3: Click on tokenenablement link listed inemail notification to godirectly to the Self-ServiceConsole. Enter your UserID (your work emailaddress), the enablementcode identified in theemail, and your tokenserial number. Click Ok.You will receive amessage stating “yourtoken is ready to use”.Click OK to beautomatically directed backto the home page of theself-service console.Rev. Jan. 2017Page 12 of 34

User GuideRSA SecurIDToken RequestsStep 4: Click Create PIN.Step 5: Create a new PINbetween 4 and 8characters. Click Save.Step 6: You will receive amessage indicating yourPIN has been successfullycreated.Rev. Jan. 2017Page 13 of 34

User GuideRSA SecurIDToken RequestsSection III: Downloading the RSA SecurID Software TokenApplicationSoftware token users must install the RSA SecurID software on their mobile device. Follow the instructionsbelow, which takes approximately 2 minutes, to download the RSA SecurID App.Before you begin make sure you: Have your mobile device in hand Have a network connection on your mobile device Have at least 2 minutes to complete this process Review the instructionsFrom the App store onyour mobile device,download the RSASecurID App. If you havedifficulty finding the Apptype “RSA SecurID” inthe search field.The RSA SecurID Software Token application for iPhone or iPad can be found here re-token/id318038618?mt 8The RSA SecurID Software Token application for Android can be found here https://play.google.com/store/apps/details?id com.rsa.securidappThe RSA SecurID Software Token application for Windows can be found here urid/9nblggh0ccn2The RSA SecurID Software Token application for Blackberry world can be found here Rev. Jan. nt/33979888/?lang en&countrycode USPage 14 of 34