RSA Tokens

Hardware fob

Android App

Apple App

fob

android icon

apple icon

RSA tokens provide multi-factor authentication (MFA) for NOAA RDHPCS systems. With the widespread adaption of smart phones, it is preferred that users install the RSA SecurID app on their device. Hardware fobs are available on request, but expect a several week lead time.

As part of obtaining a NOAA RDHPCS Acount, you will request an RSA token, and follow the below steps to activate or configure it.

Attention

The token code displayed on the fob or app is a single use code. Do not re-use a token code; wait for it to change.

Regardless of RSA type, your first step is to fill out a form.

Requesting a new or replacement RSA token

New users: Submit the RSA token request form and OTRS Ticket

1. Access the RDHPCS AIM site and follow the link labeled “Make a request for an RSA token”. Make sure you are logged into Google with your NOAA.GOV credentials, and fill out the form.

Note

If you have problems logging into AIM, you are probably a new or returning NOAA user and need to set up the NOAA MFA (Multi Factor Authentication). Please try logging into the NOAA Staff Directory and contact your local I/T support people if you cannot login.

2. Open an OTRS ticket. Send email to rdhpcs.aim.help@noaa.gov, with the subject of ‘First.Last: Token for new device’ (replace First.Last with your First Last NOAA username).

Current users: Replacement token for a new smart phone

Send an email from your NOAA.gov account to rdhpcs.aim.help@noaa.gov requesting a new RSA activation URL. Use a subject of ‘First.Last: Token for new device’ (replace First.Last with your First Last NOAA username).Wait for responses to your helpdesk ticket, then proceed.

RSA Hardware Token Instructions

If you have been allocated a hardware token, confirm receipt by opening a helpdesk ticket. Send an email from your NOAA.gov account to rdhpcs.aim.help@noaa.gov Use a subject of ‘First.Last: Enable token’ (replace First.Last with your First Last NOAA username). Once enabled, proceed with the activation steps below.

RSA Software Token Instructions

Attention

Users are allowed one RSA token. Choose one mobile platform – Apple or Android – to use your RSA soft token on.

Attention

You cannot reuse an authentication token or URL. If you get a new mobile device, see the above section.

Before proceeding, you must have an email from the RDHPCS Accounts Team that provides the activation URL. Forward that email or URL to your smart phone.

Attention

The activation URL is only good for seven (7) days!

Step 1: Install the application

Hint

If you already have the RSA application installed on your device, do not install it again. You only need to add a token by using the “+” in the app.

Use these links to install the app on your mobile device. If you cannot use the links, search the app store for “RSA Authenticator”. The app icons will look like these:

Type

Link

Icon

Android

https://play.google.com/store/apps/details?id=com.rsa.securidapp&hl=en_US

android icon

iPhone, iPad

https://apps.apple.com/us/app/rsa-authenticator-securid/id318038618

android icon or apple icon

Step 2: Click the activation URL

Attention

If at all possible, read or forward the “RDHPCS Software Token Activation” email to your mobile device so the activation URL can be copy and pasted. It is permitted to forward that email to a personal address for the purposes of RSA activation.

As of mid 2024, it should be possible on both Apple and Android platforms to simply click on the Activation URL in the email.

Once the RSA credential has been imported, you will want to rename it from the default name of “SecurID OTP Credential”. Use the ... menu to select Rename and rename the credential to “NOAA-RDHPCS”

Alternate Step 2: Manually enter the activation URL

If clicking on the URL does not work, select and copy the Activation URL.

Important

COPY THE ENTIRE ACTIVATION URL

  • On your mobile device, open the RSA application.

  • Click on the + in the upper right corner

  • Click the ‘Registration Code or URL’ field

  • Paste, or type in, the activation URL. Make sure the URL starts with https://authenticator.securid.com/securid/ctf/

Refer to this screenshot:

Android (new) fillin

Attention

Leave the email and organization fields blank!!

You have filled in the URL field and the email and organization fields are blank.

  • The Submit button should now be active. Click it.

Now proceed with the below activation steps.

RSA Activation

Step 3: RSA Activation and PIN setting

When you have just configured your RSA soft token, or have just confirmed receipt of your RSA hardware token (fob), it will be inactive. Follow these steps to activate your RSA token:

  1. Access the RDHPCS SSLVPN

  2. Enter your username; the “First.Last” portion of your NOAA email address.

  3. For the password, enter the 6-digit code shown on the fob, or the 8-digit code shown on the app.

  4. Follow the prompts to set a PIN. Use 4 to 8 alphanumeric characters.

  5. Confirm the PIN by re-entering it.

  6. Once complete, you may close that browser window.

Note

Do remember your PIN. When you are asked to enter your RSA passcode, you will enter your PIN followed by the 8 digit number displayed in the RSA app on your mobile device.

Attention

The token code displayed on the fob or app is a single use code. Do not re-use a token code; wait for it to change.

Step 4: Success! Mark helpdesk ticket as completed

You have now activated your NOAA RDHPCS RSA token. Reply to the helpdesk ticket confirming success. You may now proceed with accessing the desired HPCS resources.