New Brunswick Internal Services Agency RSA Self-Service Console User Guide Version: 1.0 Created: November 27, 2013 Modified: November 27, 2013 Table of Contents Introduction...1 Logging on to the RSA Self-Service Console...2 Creating your PIN...3 Step 1 Login without PIN...3 Step 2 Set a new PIN...4 Step 3 Test your PIN...5 Test your RSA Token PIN...7 Setup Questions and Answers (Q&A) Authentication...7 Change your PIN...10 Method 1 I know my current PIN... 10 Method 2 I do not know my current PIN but have completed my Q&A...12 Method 3 I do not know my current PIN and have not completed my Q&A... 16 Common Problems with VPN Authentication... 16 I forgot my PIN... 16 I m being prompted for an additional token code...17 Introduction The RSA Self-Service Console web site https://rsa-web.gnb.ca allows: The creation of a personal PIN when a user first receives an RSA Token A user to test their RSA Token PIN A user to setup personal Questions and Answers (Q&A) A user to reset a lost or forgotten PIN by authenticating with Q&A The initial screen looks like the following image and the language displayed is automatic based on your web browser language settings. English (en, en_us) and French (fr, fr_ca) are supported. Please note: Internet Explorer is the only web browser supported by GNB. 1
Logging on to the RSA Self-Service Console Open Internet Explorer and go to https://rsa-web.gnb.ca Enter your User ID and click Ok Enter your Passcode: Hardware Token Users Enter your PIN + Token Code (Your personal PIN followed by the 6digit number displayed on the token) and click Log On. Blackberry Software Token Users Enter your Token Passcode (The 8-digit number obtained by opening the Blackberry RSA Application, entering your personal PIN, and selecting Get Passcode ) and click Log On. Internet Explorer RSA SecurID Toolbar Users Enter your Token Passcode (The 8 digit number obtained by opening Internet Explorer, entering your personal PIN, and clicking the green check on the RSA SecurID Toolbar ) and click Log On. A successful login will bring you to the My Account page and will show any RSA Tokens that are assigned to you. 2
To close the session click Log Off on the top right hand corner. Creating your PIN If your Token does not have a PIN set (Your token is new or a Token Administrator has reset your account to New PIN mode) use this procedure: Step 1 Login without PIN Open Internet Explorer and go to https://rsa-web.gnb.ca Enter your User ID and click Ok 3
Enter your Passcode based on your token type: Hardware Token Users Enter only the Token Passcode (Only the 6-digit number displayed on the token) and click Log On. Blackberry Software Token Users Enter your Token Passcode (The 8-digit number obtained by opening the Blackberry RSA Application, NOT entering a PIN, and selecting Get Passcode ) and click Log On. Internet Explorer RSA SecurID Toolbar Users Enter your Token Passcode (The 8 digit number obtained by opening Internet Explorer, NOT entering a PIN, and clicking the green check on the RSA SecurID Toolbar ) and click Log On. You will then be presented with a prompt to set a personal PIN. Step 2 Set a new PIN 4
Choose a personal PIN between 4 and 8 numbers long and enter it twice in the text boxes provided. Do not use a zero for the first number and choose something that is easy to remember. This PIN is used with your issued RSA token to identify and authenticate you on the GNB network. Your personal PIN should never be written down or given to another user. The Next Tokencode is the next token code showing after the one used in Creating your PIN Step 1. Do not include your newly created personal PIN in the Next Tokencode box. If your token code has not changed since Creating your PIN Step 1 wait up to 1 minute for the next token code to display and enter it in the Next Tokencode box. Then press OK A successful login will bring you to the My Account page and will show any RSA Tokens that are assigned to you. Step 3 Test your PIN Under the My Authenticators section find your token information and click the test link 5
Test your token with the following information: IMPORTANT note: You cannot use a Passcode more than once. If necessary, wait until the token displays new digits (They change every 60 seconds). User ID Must match your Active Directory User ID (GNB Employees) or the account name assigned to you when your token was issued (Contractors or Custom Portal users). Enter your Passcode based on your token type: Hardware Token Users Enter the Token Passcode (Your PIN +the 6-digit number displayed on the token for example, if your pin is 123456 you would enter 123456XXXXXX where the X s represent what is displayed on the token) and click Test. Blackberry Software Token Users Enter your Token Passcode (The 8-digit number obtained by opening the Blackberry RSA Application, entering your PIN, and selecting Get Passcode ) and click Test. Internet Explorer RSA SecurID Toolbar Users Enter your Token Passcode (The 8 digit number obtained by opening Internet Explorer, entering your PIN, and clicking the green check on the RSA SecurID Toolbar ) and click Test. 6
Click Ok and you will be redirected to the My Account page To close the session click Log Off on the top right hand corner. Test your RSA Token PIN To test your RSA Token PIN, login using the Logging on to the RSA Self-Service Console procedure listed above. Your RSA Token PIN is working correctly if you reach the My Account page and can see a list of any RSA Tokens that are assigned to you. Setup Questions and Answers (Q&A) Authentication Login to the RSA Self-Service Console using the Logging on to the RSA Self-Service Console procedure listed above. If you do not have personal Questions & Answers associated to your RSA Token account the system will display the following warning: 7
Below the list of tokens next to Security Questions click set up 8
From the first drop down list choose your language of preference for your Q&A. English and French are supported. From the individual drop boxes 1 through 5 choose your personal security questions. Provide the corresponding answers and then click Submit Your Request. Use questions and answers that are easy to remember. These will be used to identify and authenticate you in the event you need to reset your PIN. Your personal Q&A information should never be written down or given to another user. Successfully registering your personal Questions & Answers results in the following message: 9
Should you forget your personal PIN you go can back to the RSA Self-Service Console web page at any time and reset it by correctly answering any 3 of these 5 personal security questions. To close the session click Log Off on the top right hand corner. Change your PIN You can change your PIN at any time by first logging into the RSA Self-Service Console. Choose one of the following three methods: Method 1 I know my current PIN Login to the RSA Self-Service Console using the Logging on to the RSA Self-Service Console procedure listed above. A successful authentication will open with the My Account page and display a list of any RSA Tokens that are assigned to you. 10
Click the Change PIN link next to your token. 11
Enter your current PIN in the first text box. Then choose a new personal PIN between 4 and 8 numbers long. Enter it twice in the text boxes provided and click Save. Do not use a zero for the first number and choose something that is easy to remember. This PIN is used with your issued RSA token to identify and authenticate you on the GNB network. Your personal PIN should never be written down or given to another user. A successful login will bring you to the My Account page and will show any RSA Tokens that are assigned to you. This message is displayed upon successful PIN change: To close the session click Log Off on the top right hand corner. Method 2 I do not know my current PIN but have completed my Q&A Open Internet Explorer and go to https://rsa-web.gnb.ca Click the Troubleshoot SecurID token link. 12
Enter your User ID, and click Ok The system will randomly pick 3 of your 5 personal security questions and ask for the corresponding answers Fill in the answers and click Continue 13
Select I forgot my PIN and click Ok Create a new personal PIN between 4 and 8 numbers long, and enter it twice in the text boxes provided. Do not use a zero for the first number and choose something that is easy to remember. This PIN is used with your issued RSA token to identify and authenticate you on the GNB network. Your personal PIN should never be written down or give out to another user. Then press OK. You will be redirected to a Test Your Token page. 14
Test your token with the following information: IMPORTANT note: You cannot use a Passcode more than once. If necessary, wait until the token displays new digits (They change every 60 seconds). User ID Must match your Active Directory User ID (GNB Employees) or the account name assigned to you when your token was issued (Contractors or Custom Portal users). Enter your Passcode based on your token type: Hardware Token Users Enter the Token Passcode (Your PIN +the 6-digit number displayed on the token for example, if your pin is 123456 you would enter 123456XXXXXX where the X s represent what is displayed on the token) and click Test. Blackberry Software Token Users Enter your Token Passcode (The 8-digit number obtained by opening the Blackberry RSA Application, entering your PIN, and selecting Get Passcode ) and click Test. Internet Explorer RSA SecurID Toolbar Users Enter your Token Passcode (The 8 digit number obtained by opening Internet Explorer, entering your PIN, and clicking the green check on the RSA SecurID Toolbar ) and click Test. 15
Click Ok and you will be redirected to the main RSA Self-Service Console sign in page. Close Internet Explorer to end the session. Method 3 I do not know my current PIN and have not completed my Q&A You will need to contact your Departmental Service Desk and request an RSA Token PIN reset. Common Problems with VPN Authentication I forgot my PIN If you forget your PIN and / or enter an incorrect PIN you will not be allowed to connect to your application. If an incorrect PIN is entered more than 10 times the system will display an Invalid username or password message above the username field as shown: 16
Repeated VPN Login Failure Screenshot If you have previously setup personal security Questions and Answers (Q&A), you can use the procedures listed above in this document to reset your PIN. If you have not setup personal security Questions and Answers (Q&A), please contact your Departmental Help Desk for further assistance. I m being prompted for an additional token code If you receive the Token Resync Required warning, enter the next code as follows based on your RSA token type: Hardware Token Users Enter the next Token Code (The next 6-digit number displayed on the token) into the SecurID Token Code text box, and click Enter. Blackberry Software Token Users Enter the next Token Passcode that is displayed on the Blackberry, you do not need to re-enter any information just wait up to a minute for the next number to be displayed, enter that number into the SecurID Token Code text box, and click Enter. Internet Explorer RSA SecurID Toolbar Users Enter the next Token Passcode that is displayed in the Internet Explorer SecurID Toolbar, you do not need to re-enter any information just wait up to a minute for the next number to be displayed, enter that number into the 17
SecurID Token Code text box, and click Enter. Enter Next SecurID Token Code Screenshot 18