RSA SecurID Token

RSA SecurID Token

RSA SecurID is a multi-factor authentication technology that is used to protect network services. The RSA SecurID authentication mechanism consists of an assigned hardware or software "token" that generates a dynamic authentication number code at fixed intervals. Users provide the unique number code when logging into a protected service from any network outside the State network.

For any questions regarding using RSA SecurID for working remotely, please discuss with your supervisor or refer to your Agency's policy.

What is Multi-Factor Authentication (MFA)? 
Multi-Factor authentication (MFA) is a security system that requires more than one method of authentication from independent categories of credentials to verify the user's identity for a login. 

What is a Token Passcode?
For a Software Token, your Token Passcode is the eight-digit number generated after entering your PIN on the RSA App. On your Soft token, the passcode refreshes every sixty seconds. If you have difficulty logging in after providing the passcode, ensure the correct PIN was entered. 

Your Hard Token generates a random, six-digit passcode every sixty seconds, also known as a Token code. Your Token Passcode is your PIN followed the Token code (the six random digits) from the Hard Token, with no spaces between them. 

Which RSA SecurID Token is right for you?

Request a RSA SecurID Token

Go to https://mytoken.ny.gov to be directed to the Self Service Console.

Enter your email address ([email protected]) in the User ID box.  Click Ok. 

Choose your Authentication Method by Selecting Password from the dropdown and Click the Log On button.

Enter your Office365 Password (this is the same password you use to log onto your computer and email) and select Log On.

Click the Set Up link to set up your Security Questions. Set up is a prerequisite to Token approval.

Please answer the five security questions (answers are not case sensitive). Select Submit Your Request. Security questions allow you to unlock your account without assistance and provide future verification of user authentication.

Once successfully completed, you will receive confirmation. Select Request a new Token. 

Software Token

1. Choose Software Token from the drop-down menu. 
2. Select the radio button next to the operating system that powers your phone. RSA token can be imported to an Android or IPhone. Your specific Service Desk can assist in determining your operating system. Users should choose a Token profile that begins with the word "Enterprise" followed by their device operating system.
3. After selecting your device, scroll down to create a pin for your token. Pin MUST be 8 numeric characters (HINT: Use years people were born before 1990. For example, my dad was 1935, and I'm 1963, so my pin is 19351963). Also please include a reason for the request (e.g. "I have a new phone" or "Need for remote access"). 
4. You will receive confirmation once your request is successfully submitted. Click Ok.

Note: Most software token requests are approved automatically.

Hardware Token

1. Choose Hardware Token from the drop-down menu. 
2. Enter a reason for the request (e.g. "Need for remote access").
3. Create a pin for your token. Pin MUST be 8 numeric characters. (HINT: Use years people were born before 1990. For example, my dad was 1935, and I'm 1963, so my pin is 19351963).
4. Confirm the shipping address for the token is accurate. Make any changes necessary to ensure the on-time delivery of your token. If you are in a multi-story building, please include a floor and room number.
5. Your Hardware Token request is complete when you receive confirmation your request is submitted. Once your token request is approved, you will receive an email notification from [email protected] advising you of your token status. Please retain this email until you receive your token. The enablement code will be required to activate your token.

Software Tokens

Using RSA SecurID to Access Secure Email via Outlook Web Mail 

1. Go to https://login.microsoftonline.com/ . Enter your work email address to be directed to the Single Sign-On page.
2. Enter your work email address and password. Click Sign In.
3. Open the RSA SecurID App on your mobile device and enter your Personal PIN when prompted. Your mobile device will generate an eight-digit Token Code. Enter the eight-digit Token Passcode when prompted.
4. You are now connected to your Outlook Web Mail.

Using RSA SecurID to Access Secure Email via the Microsoft Outlook App 

First time Software Token users are required to install the Microsoft Outlook App on mobile devices and add your Email Account (refer to Steps 1 and 2). Users who have already installed the Microsoft Outlook App should proceed to Step 3.

1. Install the Microsoft Outlook App on your mobile device. Note: Android device users may be prompted to create an 8-digit PIN when installing the App.
2. Enter your work email address and click Add Account.
3. Enter your work email address and password. Click Sign In.
4. Open the RSA SecurID App on your mobile device and enter your Personal PIN when prompted. Your mobile device will generate an eight-digit Token Code. Enter the eight-digit Token Passcode when prompted.

Note: Once the App is installed and your email account has been added, you will occasionally be prompted to re-enter your credentials and RSA SecurID Token code to access email via the App. Refer to steps 3 and 4.

Hardware Tokens

Enabling Your Hardware Token and Setting Your PIN

1. Once you have your hardware Token, open the email notification you received from [email protected]. If you misplaced or deleted this email contact the Enterprise Service Desk or your local Service Desk for assistance.
2. Verify that the serial number in the email matches the serial number on the back of the Token you received. Your Token serial number is the 9-digit number on the back of your RSA SecurID hardware Token. It can also be found in the self-service console by clicking view details next to the Token image. Note: If the number on the back of the RSA SecurID Hardware Token does not match the serial number listed in the email, you will need to notify your specific Service Desk.
3. Click on Token enablement link listed in the email notification to go directly to the Self-Service Console. Enter your User ID (your work email address), the enablement code identified in the email, and your Token serial number.  Click OK.
4. You will receive a message stating "your Token is ready to use". Click OK.
5. Click Create PIN. 
6. Create a new PIN that is 8 digits in length. All PINs MUST be 8 digits, and PINs cannot start with a zero (0). Click Save.

Using RSA SecurID to Access Secure Email via Outlook Web Mail 

1. Go to https://login.microsoftonline.com/ . Enter your work email address to be directed to the Single Sign-On page.
2. Enter your work email address and password. Click Sign In.
3. Enter your RSA SecurID passcode followed by the token code. Do not put any spaces or dashes between your PIN number and the Token code
4. You are now connected to your Outlook Web Mail.

Using RSA SecurID to Access Secure Email via the Microsoft Outlook App 

1. From the App Store on your mobile device, install the Microsoft Outlook App.  Note: Android device users may be prompted to create an 8-digit PIN when installing the App.
2. Enter your work email address and click Add Account.
3. Enter your work email address and password.  (This is the same email you use to log onto your work computer.)  Then click Sign In.
4. Enter your RSA SecurID Passcode. This number is your Personal Identification Number (PIN) followed by the dynamic Token code found on your hardware Token. Do not put any spaces or dashes between your PIN number and the Token code.

Note: Once the App is installed and your email account has been added, you will occasionally be prompted to re-enter your credentials and RSA SecurID Token code to access email via the App. Refer to steps 3 and 4.

How do I request a new token?
Log in to https://mytoken.ny.gov using your NYS email and password, then refer to the “Requesting an RSA SecurID Token” section above for the steps on requesting a token.

Should I use a hardware or software token? 
Software tokens are the preferred method. Hardware tokens can become lost or stolen. 

Change or Forgot Pin
If you forget or need to change your PIN, log into the Self-Service Console using your email address and password at https://mytoken.ny.gov/, then click "Troubleshoot", select "I forgot my PIN". At the next screen Enter your new PIN and confirm.

Troubleshooting your PIN
You may test to see if you remember the correct PIN by going to the Self Service Portal at https://mytoken.ny.gov. Log in using your email address and password, click "Test,” then follow the onscreen instructions.

I got a new phone; how do I request a new Token?
Visit https://mytoken.ny.gov and login with your NYS User ID and Password.

Once you are logged in, request a NEW token. State the reason for the request as getting a new phone. For further instruction on requesting a token, please refer to “Requesting an RSA SecurID Token” section above.

Once the request is approved, you will receive an email with instructions on importing the new token to your new phone.

I am locked out of my RSA SecurID account, what do I do?
Go to https://mytoken.ny.gov/, do not login. Click on "Troubleshoot SecurID Token".  Enter your email address and answer the identifying questions. Upon submission of correct answers, your RSA account will no longer be locked.

What is "Next Token Code Mode" and what do I do about it?
After entering too many incorrect passcodes, you may be required to enter a next Token code. If using a Soft Token, wait and then enter the next available passcode shown. If using a Hard Token, wait and then enter the next available Token code shown (random 6 digits). Do NOT enter PIN + Token code.

Change or Forgot Pin

If you forget or need to change your PIN, log into the Self-Service Console using your email address and password at https://mytoken.ny.gov/, then click "Troubleshoot", select "I forgot my PIN". At the next screen Enter your new PIN and confirm.

What is a Token Passcode?

For a Software Token, your Token Passcode is the eight-digit number generated after entering your PIN on the RSA App. On your Soft token, the passcode refreshes every sixty seconds. If you have difficulty logging in after providing the passcode, ensure the correct PIN was entered.

Your Hard Token generates a random, six-digit passcode every sixty seconds, also known as a Token code. Your Token Passcode is your PIN followed the Token code (the six random digits) from the hard Token, with no spaces between them.

Returning an expired or no longer needed RSA Token:

By Interagency Mail:
Agencies or individuals using interagency mail should return tokens to the following address:

Attn: RSA Admins
6 Empire State Plaza Swan St Bldg  
Core 3, Floor 2, Rm 236B
Albany, NY 12223

By Regular US Postal Service Mail:
Agencies or individuals not using interagency mail should return tokens to the following address:

Attn: RSA Admins
P.O. BOX 2062
Albany, NY 12220

The SecurID (formerly RSA Token) application has been rebranded and there are application and icon (see image below) updates that you should know about.

SecurID Token App Icon

Old Icon	New Icon

Multiple tokens will now appear in a single "Tokencode" display screen, as shown below:  

Tokencode Display

Old Display	New Display

If you have any questions regarding the rebranded SecurID application token icon, please contact the ITS Service Desk directly through ITSM, at [email protected].