Environment: Air-gapped facility, 24/7 ops, no helpdesk on 2nd & 3rd shift, no cellphone or internet service
Scenario: Primary token is an OTP hard token, left at home or lost by employee
Options:
- The supervisor on the night shift has the ability to serve as an SP Helpdesk and can provide the employee with a temporary OTP if needed.
- The supervisor can assign a spare token to the employee by securely storing it in a locked drawer or cabinet. This can be done using the supervisor's SP Helpdesk role.
- An alternative solution would be for a supervisor who has a SP Helpdesk Role to temporarily share their token with the employee. This would enable the employee to log in using the supervisor's token for the time being.
- If the facility is using WLM, the supervisor can give the employee the Master Passcode for their device, which can be obtained from a secured spreadsheet. This will allow the employee to log in. Afterward, the supervisor should inform the IT Helpdesk that the Master Passcode for that workstation needs to be reset.
- To ensure a seamless backup solution, a few additional tokens can be distributed to all employees with SP accounts in the facility. These tokens will serve as backups, eliminating the need to assign a supervisor as a Helpdesk role in the SP Admin panel. The spare tokens can be securely stored in a lockbox until they are needed. When necessary, a supervisor can easily retrieve one of the tokens for a user to log in and then return it safely to the lockbox. This streamlined process provides a reliable solution for employee access without any complications.