You are on page 1of 15

RSA Token QR Code Import for Android

This document demonstrates how to import a RSA Secure ID SoftToken into the RSA SecureID app
using a QR code. The RSA SecureID app supports multiple token formats, but the QR code is the
preferred method.

Before a RSA SoftToken can be issued the Biding ID (also known as the Device ID) must be
provided to the IT Security team, the process for this is not shown in this document.
A password is required for the initial token import which will be supplied separately, do not
proceed until you have the required password.
A valid SoftToken QR code.
A PC (either EDF or external) with a Web browser to set the token PIN for first use.
RED Network Nortel VPN users may need to update their VPN client settings using the
instructions at the end of this document.

The QR codes have a short expiry date to prevent cloning, this is not the same as the token expiry
date once the SoftToken is imported. If you print your token code, please ensure it is securely
shredded after successfully importing the SoftToken.
When a token is shipped for the first time there is no PIN associated with it, the process to set the
PIN initially forms part of this document.
The SoftTokens do not operate in the same way as the physical tokens. When using a physical token
you enter your PIN number into the authenticating application (such as the VPN client) and then
enter the six digit number displayed on the token.
The SoftTokens require you to enter your PIN number into the RSA SecureID app first, before it
displays an eight digit token code. You then only enter this eight digit code into the authenticating
application, do not enter your PIN again.
Your PIN number is not stored within the SoftToken or the RSA SecureID application, the eight digit
code is generated using an algorithm formed from the current time, the PIN number entered and
other information.

Import a QR code for Android Devices

1. View or print the QR code image file attached in the distribution email, it should look like the
obfuscated example below and should be clear with no smudges.

2. Start the RSA SoftToken app on your Android device and press the Import Token button at
the bottom of the screen.

Note: If a SoftToken is already installed and you want to add another then press the Menu
icon at the top right of the Enter PIN screen to see the Token List and import screen.

3. Select Scan QR Code from the list.

4. Face the Android device at the QR code, it will automatically detect the QR code.

5. Enter the token password provided and press OK

6. Click OK once successfully imported, the token is now ready for first use.

Note: If the token fails to import, note the error and ask for the token to be re-issued
ensuring the correct device type and Binding ID are provided.

7. Start the SoftToken for the first time by leaving the PIN number blank and pressing Enter or
the > icon.

Note: Before a new token is ready for use a PIN must be set, re-issued SoftTokens keep their
existing PIN.
The eight digit token code will now be displayed along with a countdown timer showing the
length of time before the code changes.

8. Browse to either of the URLs below using a PC with a web browser. Any user can set their
PIN via the UAG, even if they dont normally have UAG access.
9. Click the continue hyperlink to logon with limited functionality.


10. Enter the required credentials and then click Log On.
In the User Name field type in your LAN user ID.
In the SecurID Passcode field type in the 8 digits showing on the token.
Ensure the Domain should show as Customer.

11. Enter a new PIN number and then click Log On.

12. Once the new PIN is accepted you will be returned to the logon screen.

Do not close this window yet.

13. To ensure the SoftToken is displaying the correct digits for the next use, press the back
button on your device

Android system
Back Button

14. Enter your new PIN and press > or Enter.

The token is now ready for use.

15. Logon to the UAG again by entering the required credentials and then click Log On.
In the User Name field type in your LAN user ID.
In the SecurID Passcode field enter the 8 digits from the token after entering the new PIN.
Ensure the Domain should show as Customer.

16. After a successful logon you will see a screen similar to the one below.

If you are an EDF Energy RED network Nortel VPN user then you will may to change the VPN
client settings. Follow the instructions below to verify the settings.
1. Start the Nortel VPN client by clicking Start -> All Programs -> Nortel VPN Client

2. Click on the Options menu and then the Authentication Options menu item

3. In the Authentication Options dialog window, press the Options >> button

4. Ensure the Use Passcode Display option is ticked and click OK.

5. Click OK on the Authentication Options dialog window.

6. The Nortel VPN Client window will now have a single Passcode field rather than the split PIN
and token fields.

Note: If you want to use a physical or six digit token then enter your four digit PIN
immediately followed by the six digits from the token into the Passcode field (forming a
single 10 digit number).