J.P. Morgan Access RSA Securid Software Token Faqs

J.P. Morgan Access®

RSA SecurID® Software Token FAQs

This guide is confidential and proprietary to J.P. Morgan and is provided for your general information only. It is subject to change without notice and is not intended to be legally binding. All services described in this guide are subject to applicable laws and regulations and service terms. Not all products and services are available in all locations. Eligibility for particular products and services will be determined by JPMorgan Chase Bank, N.A. or its affiliates. J.P. Morgan makes no representation as to the legal, regulatory or tax implications of the matters referred to in this guide.

J.P. Morgan is a marketing name for the Wholesale Payments businesses of JPMorgan Chase Bank, N.A., member FDIC, and its affiliates worldwide. JPMorgan Chase Bank, N.A., organized under the laws of U.S.A. with limited liability.

April 2020

What is happening with my security token?

A If you use an RSA SecurID® security token, you will have a new software token option. This change is part of the J.P. Morgan Access Administration credential management enhancements introduced to select clients on June 10, 2019.

When will the RSA SecurID® software token be available to all clients?

A The RSA SecurID software token is scheduled for general availability in late August 2019.

Can I change from the hardware version of the RSA SecurID® token to the software version?

A If you are an active user with the hardware version of the RSA SecureID token, a Security Administrator (SA) can assign you with a software token. Once this is done, you will receive a text message with the software token activation code and a notification email, which will have the RSA Secure ID Soft Token Registration instructions in an Adobe® PDF format attached.

You can use either a hardware token or a software token; you cannot use both.

Please note that you must have a mobile number in your Access profile before a software token is assigned to you. This will allow you to receive an activation code to register the software token.

I haven’t received the software token activation code. What do I do now? A Please contact your Security Administrator and ask them to resend the activation code. If you are an existing Access user who has logged in using the software token, you will not receive an activation code.

Note to Security Administrators: Go to Edit User  Select User  Click on Resend Activation code. You should always check if the end user’s mobile device number is correct in Administration-Credential Management.

Where can I download the software token app? Which mobile devices is the J.P. Morgan Access® RSA SecurID® Software Token app compatible with?

A You can open either the Apple® App Store® or Google PlayTM store on your Apple iOS® or AndroidTM mobile devices. Search for the “RSA SecurID® Software Token” app, and download the app. Be sure you are able to access the Apple App Store or Google Play Store, which typically require a personal authentication on your mobile device before allowing the download. At this time, Apple iOS or Android mobile devices are compatible with the J.P. Morgan Access RSA SecurID Software Token” app.

If I am a new J.P. Morgan Access® user or a current user who was migrated to a software token, how will I receive the software token instructions?

A Once your Security Administrator sets you up with a software token, you will receive two emails:

• One email will contain the User ID and two documents attached: the J.P. Morgan Access® New User Quick Start Guide and RSA Secure ID® “Registering a Software Token on your device” registration instructions in an Adobe® PDF format.

• The second email will contain a temporary password and instructions for setting up a new password.

Note to Security Administrators: Any user that is provisioned with a software token will be automatically converted to an Alternate Logon User (ALU-HSM) status, which has additional password rules.

Can the software token be used with J.P. Morgan Access® Mobile? A Yes, if you are entitled to the Mobile application. You will need to log on to Access via a desktop or laptop with the software token first. After the first logon, you will be able to use the software token with Mobile.

What should I do with my existing hardware token? A You can hold on to the hardware token until you are comfortable with using the software token. If you no longer need the hardware token, please mail or courier it to: Attention: J.P. Morgan Access Expired Tokens 10410 Highland Manor Drive - Floor 03 Tampa, FL, 33610-9128, United States

Why should I use a software token rather than a hardware token? A In general, software tokens have certain advantages over hardware tokens. For example, they can’t be lost, they can be automatically updated with the latest protections, and they can be distributed to users on demand, anywhere on the globe. This eliminates the need to carry around an additional piece of hardware, and software tokens have been incorporated into most smartphones in the form of an app.

Do I have to convert to a software token? Will J.P. Morgan Access® get rid of hardware tokens? A At this time, Access will continue to support hardware tokens. You should speak with your Security Administrator for any additional details about your company’s needs related to hardware and software tokens.

Is it defined at the Client level whether a user has a software or hardware token? A Note to Security Administrators: In Administration Credential Management  CLIENT LEVEL  CLIENT PREFERENCES, there are three Default Settings:

• ENABLED – allows users to be enabled to software tokens by default • DISABLED – Software token will not be available; The Security Administrator can only assign hardware tokens • OPTIONAL – Software token will be available to users, and the SA can choose which users to assign hardware tokens vs. software tokens

Does the software token require additional authentication? How do I use the RSA SecurID® Software Token App? A The RSA SecurID Software Token App is readily available for use once it is successfully registered. You do not need any additional authentication to open the application, since your mobile device typically will have an authentication method (for example, password, swipe, fingerprint, facial recognition, etc.). Simply open the app on your mobile device, and enter the six-digit code along with your User ID and Password on the J.P. Morgan Access® Log On page.

Can the Token be renamed in the app? A Yes. Follow these steps: 1. Choose the Menu option.

2. Select Settings (the gear icon) for the token you want to rename. From the menu that displays, tap Rename Token.

3. Edit the token name. Tap Ok to save the new name.

When migrating an end user to a software token, at what point will the RSA SecurID® hardware token no longer be able to be used? A Once the approval process is completed (for example, Security Administrator 2 approves the software token), the end user’s hard token can no longer be used. The end user will need to go through the process of downloading, registering, and activating the software token on their mobile device. Note: End users can only have one Security credential type – either hard token or soft token – not both.

How do I download and import the J.P.Morgan Access® software token if I already have an existing RSA SecurID® software token?

First, tap the RSA Software token app on your mobile device to launch the app. Then do the following:

1. Tap the Menu icon to display the Token list screen. 2. From the Welcome screen, tap the + icon (Apple device) or Import Token (Android device). 3. Select either Scan QR Code or Enter Link. For this example, we will chose Enter Link. 4. Copy the URL from the RSA Soft Token Registration instructions provided by your Security Administrator and paste it into the import token field on the next screen. Or you can manually enter the URL into the import token field. (Be sure to copy the correct URL for your mobile device – iOS, or Android.) 5. On the next screen, enter your activation code to complete the import of the token. 6. Once successfully imported, a "Token successfully imported." acknowledgement message will display. Tap OK. Notes: • Once the token is successfully imported, the six-digit Token Code will display. When you are ready to log on to Access, enter this number in the Token Code field in the Access Log On page. • If you are entitled to Access Mobile, after an initial log on using a desktop or laptop, you can copy the Token Code from the RSA app by clicking the Copy icon, and pasting it into the Mobile app's Token Code field.

How can I toggle from the J.P. Morgan Access® software token to another company’s software token? A From the JPMA Soft Token screen, tap the menu button. From the My Tokens screen, tap the soft token you want to display; enter the token code accordingly.

How can I view the serial number of the software token on my mobile device? A Tap the information icon on the lower right of the Soft Token screen. The serial number, along with additional information, will display.

Note: Screens will vary on an AndroidTM device; instructions are the same.

If I have multiple User IDs, can I use the same software token? Or will I need to request an additional software token? A If you have multiple User IDs, you can request one software token for each user ID – up to ten tokens per mobile device.

Are there any feature differences between Apple iOS® and the AndroidTM version of the RSA SecurID® software token?

A No, there are no feature differences between the iOS and Android device for RSA SecurID software token. There are differences in the look of the screens, depending on the iOS /Android version, and your settings.