Frequently Asked Questions

To set PIN directly from the SecurID app and Self Service:

  1. Within the SecurID app, click Submit without entering a PIN.
  2. On your computer, within Self Service > RSA SecurID Authentication: https://amrsa.ups.com/ssp/

    3. Enter your own SecurID in User ID.

    Enter the 8-digit code generated from the SecurID app, in Passcode.

  3. Proper entry results in prompt to “Set New PIN”. Create an 8-digit PIN and re-enter the PIN for confirmation, then click Log On.

    4. Note: PIN parameters are as follows:

  4. Proper entry results in “PIN Accepted”. You can now enter the PIN into the SecurID app. Then enter the 8-digit code generated from the SecurID app, into the Passcode field.
  5. Once logged into Self Service, you can see the PIN update reflected within the Authentication History tab.
  6. Software token can now be used as needed. As mentioned earlier, if you are receiving “Error while retrieving Challenge Questions” when attempting to sign into Self Service with your Challenge Questions, that is an error that needs resolution via SMC Incident. Users need to be able to log in with Challenge Questions for full functionality with their SecurID token. Please contact the UPS Help Desk at 1-888-UPS-TECH (1-888-877-8324), or via applicable local Help Desk telephone numbers.

1. A token passcode can only be used once. It should not be reused to attempt a second/separate authentication.

2. A token passcode should not be repeated after a failed authentication. If you entered a passcode and it did not work, or you are in Next Tokencode mode, use the next passcode generated by your token.

3. A token passcode will be generated even if you enter an incorrect PIN, or do not enter a PIN at all. The generation of a passcode does not confirm correct usage by an end user.

4. RSA automatically locks accounts after 5 consecutive failed authentications within 2 minutes. RSA then automatically unlocks accounts after 30 minutes.

Utilize the appropriate login procedure based on the token type you are using:

5. For Hardware Token: enter your SecurID PIN + token code from your token (without any spaces), into the Passcode field. There are 14 characters for a hardware token passcode (8 PIN digits + 6 token code digits).

6. For Software Token: enter your SecurID PIN into the SecurID app on your mobile device. Then enter the 8-digit passcode that is displayed on your mobile device (without any spaces), into the Passcode field. There are 8 characters for a software token passcode.

7. For Emergency Code: enter your SecurID PIN + the Emergency Code (without any spaces). There are 16 characters entered into the Passcode field (8 PIN digits + 8 characters from Emergency Code).

  1. Click here to access the SecurID Self Service Site Login Page
  2. Click RSA SecurID Authentication icon.
  3. Enter your SecurID in the User ID field. Enter valid passcode in Passcode field. Click Log On.

    4. For Hardware Token: enter your SecurID PIN + token code from your hardware token (without any spaces). There are 14 characters for a hardware token passcode (8 PIN digits + 6 token code digits).

    For Software Token: enter your SecurID PIN into the SecurID app on your mobile device. Then enter the 8-digit passcode that is displayed on your mobile device (without any spaces), into the Passcode field. There are 8 characters for a software token passcode.

    For Emergency Code: enter your SecurID PIN + the Emergency Code (without any spaces). There are 16 characters entered into the Passcode field (8 PIN digits + 8 characters from Emergency Code).

  1. Click here to access the SecurID Self Service Site Login Page
  2. Click on the Challenge Q&A Authentication icon.
  3. Enter your RSA SecurID in the User ID field and click Log On.
  4. Enter the answers to your Challenge Questions and click Submit Answer.

    5. For UPS Employees, these are the same challenge questions and answers entered in UPSers.com.

    For Vendors/Consultants, these are the same challenge questions and answers entered during the vendor validation process.

    NOTE: If you do not see your questions after entering your SecurID and instead receive this error, please follow these steps:

    A. If you need to set PIN on your token for the first time, please go to Alternative Method to Set Soft Token PIN on the top of this page before proceeding to step B.

    B. Error while retrieving Challenge Questions is an error that needs resolution via SMC Incident. Users need to be able to log in with Challenge

    Questions to have full functionality associated with their SecurID token. Please contact the UPS Help Desk at 1-888-UPS-TECH (1-888-877-8324), or via applicable local Help Desk telephone numbers.

  1. Click here to access the SecurID Self Service Site Login Page
  2. Click on the Challenge Q&A Authentication icon or One-Time Email PIN icon
  3. A token in Next Tokencode mode after a failed authentication attempt will show Resync Required next to the token serial number.
  4. Click Resync Token for applicable token.
  5. Enter the tokencode currently displayed on your hardware token or software token in the Current Token field. Do NOT click Submit yet.

    6. A. For hardware token, enter the tokencode displayed on your token.

    B. For software token, DO NOT ENTER A PIN on your mobile device. Click Submit to generate a tokencode and enter the tokencode displayed on your mobile device.

  6. Wait for the next tokencode to appear on your token, then enter that tokencode in the Next Token field and click Submit.
  7. Valid tokencode entries result in Token Resync Success. Click Close.
  8. It no longer states Resync Required next to the token serial number.

1. Click here to access the SecurID Self Service Site Login Page.

2. Login using the RSA SecurID Authentication icon, the Challenge Q&A Authentication icon or the One-Time Email PIN.

3. You will begin at the Home tab. Click the Authentication History Tab.

4. View Authentication History from drop-down menu.

5. Authentication History is displayed (if applicable).

1. After opening the SecurID app on your mobile device, click the three dots to the right of the token name. Then click Token Information.

2. Serial Number is listed within the Token Information.

Users may have Suspension Date issues, in which authentication attempts fail because their SecurID account has expired within RSA. User logs from Self Service > Authentication History tab will reflect an error message of Principal account expired:

There are three main reasons a user will have Principal account expired:

1. Account is validly expired within APRS.

2. Account had Suspension Date updated through process that does not sync all systems.

3. Account is for a UPS Employee who converted from Contingent Worker.

Issue can be resolved for each reason as follows:

1. Account is validly expired within APRS

Account is expired within APRS, as indicated by a past date in “SecurID Access Suspension Date”:

Select Modify Account in APRS. If unable to submit, please have your manager/responsible UPSer assist.

After profile information, select Update “SecurID Access” Suspension Date (Remote Access):

Enter the updated date within the SecurID Suspension Date field.

This request will sync the Suspension Date across both APRS and RSA, so the account will no longer be expired. APRS records will now show the following type of request for the Suspension Date update:

2. Account had Suspension Date updated through process that does not sync all systems

If the Suspension Date within APRS does not show a past date, the date may have been updated from a request outside of the process from point #1 (meaning the date was updated in APRS but not synced to RSA). This can be resolved by opening an SMC Incident with the UPS Help Desk at 1-888-UPS-TECH (1-888-877-8324). Please ask for the INC to be opened to the IAM - RSA Token Authentication Manager queue and state that “Principal account expired” is the issue encountered for SecurID.

3. Account is for a UPS Employee who converted from Contingent Worker

If user was a Contingent Worker and converted to UPS Employee, the Suspension Date may still be associated with the account. This can be resolved by opening an SMC Incident with the UPS Help Desk at 1-888-UPS-TECH (1-888-877-8324). Please ask for the INC to be opened to the IAM - RSA Token Authentication Manager queue, advise that user has converted from Contingent Worker over to UPS Employee, and that “Principal account expired” is the issue encountered for SecurID.