Manage Temporary Access Codes

Temporary Access Codes can be used to log in when a user cannot access their one-time passcode (OTP), Grid Card, or token authenticator (for example, if a user has misplaced the mobile device containing their soft token application).

Note: Temporary Access Codes can also be used as a standalone authenticator rather than as a substitute, but Entrust recommends using Temporary Access Codes only for interim authentication.

Temporary Access Codes can be used to log in to Identity as a Service, OIDC, SAML, or RADIUS accounts. When logging in to Entrust Identity Enterprise applications, they can be used as alternatives for OTP or token authentication, but they cannot be used as standalone authenticators.

You can limit the Temporary Access Code to a number of uses or a period of time. For example, you can limit the use of the Temporary Access Code to a single use or a 24-hour period.

Temporary Access Codes are different from one-time password (OTP) authenticators. A Temporary Access Code can be used multiple times over a configurable period. An OTP is a single-use authentication code sent to a user's phone, mobile device, or email address during authentication. Temporary Access Codes are not sent to users during authentication.

A user cannot see the Temporary Access Code they have been assigned on the user portal. Administrators must provide the Temporary Access Code to the user. A user is assigned only one Temporary Access Code. If a Temporary Access Code has expired, you must delete it before you can assign a new one to a user.

Prerequisites for using a Temporary Access Code

A Temporary Access Code can only be used for authentication if:

       It has been assigned to the user

       It has not expired

       It has not reached the maximum number of uses allowed

       The resource rule controlling access to the account allows Temporary Access Codes to be used for authentication
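
The lifecycle rules above (one code per user, an expired code must be deleted before a new one is assigned, and the four prerequisites checked at login) can be modelled as follows. This is an added example, not Entrust's code or API: the class and method names are hypothetical, and it assumes that only successful logins count toward the use limit and that the code is stored as a keyed hash.

```python
import hmac, secrets
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class TempAccessCode:               # hypothetical record, not Entrust's schema
    digest: bytes                   # keyed hash of the code, never the code itself
    expires_at: datetime
    max_uses: int
    uses: int = 0

class TacStore:
    def __init__(self):
        self.key = secrets.token_bytes(32)   # server-side secret for hashing codes
        self.codes = {}                      # user -> TempAccessCode (one per user)

    def assign(self, user: str, now: datetime, lifetime: timedelta, max_uses: int) -> str:
        # Any existing code, even an expired one, blocks assignment until deleted.
        if user in self.codes:
            raise ValueError("delete the existing code before assigning a new one")
        code = secrets.token_hex(4)
        self.codes[user] = TempAccessCode(
            hmac.digest(self.key, code.encode(), "sha256"), now + lifetime, max_uses)
        return code                 # the administrator hands this to the user

    def delete(self, user: str) -> None:
        self.codes.pop(user, None)

    def authenticate(self, user: str, presented: str, now: datetime,
                     rule_allows_tac: bool) -> str:
        tac = self.codes.get(user)
        if tac is None:
            return "not assigned"
        if now >= tac.expires_at:
            return "expired"
        if tac.uses >= tac.max_uses:
            return "use limit reached"
        if not rule_allows_tac:
            return "blocked by resource rule"
        presented_digest = hmac.digest(self.key, presented.encode(), "sha256")
        if not hmac.compare_digest(presented_digest, tac.digest):
            return "wrong code"
        tac.uses += 1               # assumption: only successful logins consume a use
        return "ok"
```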

Topics in this section:

       Modify Temporary Access Codes

       Assign a Temporary Access Code