000026513 - How to install one RSA SecurID software token on multiple devices

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Jul 26, 2019
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000026513
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: RSA SecurID Software Token

IssueThis article provides steps on how to have one RSA SecurID software token installed on multiple devices.

Authentication Manager 7.1

When the token is first issued and distributed, use a device type of Generic AES 128, and Issue the token as an .sdtid token file.

The token file generated must be carefully secured, as this can be imported into any type of software token device (may need additional post-processing). 

If the file is no longer available, it can be redistributed to generate the same tokencodes, by making sure the checkbox for regenerate the tokencodes is NOT checked.  Note that this option must be selected before the token is first issued.

If the checkbox to regenerate tokencodes is checked it is possible to wipe out all assigned tokens, causing authentication failures for all users and the requirement to reassign all tokens.

Authentication Manager 8.x

RSA Authentication Manager 8.x no longer includes the option to NOT regenerate the token when distributing, as this can create a security vulnerability. The only choices are to have the old .sdtid file stored and distributed very securely, or to create a new file and distribute to all devices.

RSA recommends that a unique software token is used for each user and each device.

CT-KIP will regenerate the seeds during the negotiation steps, which will make the token on the original device on which it was installed invalid.
Legacy Article IDa67752