Flowchart showing the RSA SecurID pin reset flow between the User, API Client and PingFederate.
  1. The status of SECURID_CREDENTIAL_REQUIRED is returned in the response to the API client.
  2. The API client displays the information returned by PingFederate.
  3. The user enters the corresponding SecurID credential.
  4. The API client invokes the checkCredential action.
  5. Depending on the user pin creation method configured in RSA SecurID, one of the following occurs:
    • The status of SECURID_SYSTEM_PIN_RESET_REQUIRED is returned with system generated pin.
    • The status of SECURID_USER_PIN_RESET_REQUIRED is returned with criteria required for the new pin.
  6. The API client notifies the user that pin reset is required and displays the corresponding data.
  7. The user resets the pin.
  8. The API client invokes the following action based on the status received in step 5:
    • continue if the status returned before was SECURID_SYSTEM_PIN_RESET_REQUIRED.
    • resetPin if the status returned before was SECURID_USER_PIN_RESET_REQUIRED.
  9. The status of SECURID_REAUTHENTICATION_REQUIRED is returned.
  10. The API client notifies the user that re-authentication is required.
  11. The user re-authenticates with a passcode.
  12. The API client invokes the checkPasscode action.