000017714 - Users migrated from AM 7.1 cannot request replacement tokens in AM 8.1 Self-Service Console

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000017714
Applies ToRSA Authentication Manager 8.1
IssueUsers migrated from AM 7.1 cannot request replacement tokens in AM 8.1 Self-Service Console
Users with pre-existing, distributed tokens cannot request replacement tokens via the self service console in 8.1. If the same token is assigned in 8.1, and distribute it, the request replacement link shows up in the Self-Service Console.

Users from AM 7.1 cannot request replacement tokens in Self-Service Console after migrating to AM 8.1


1. Administrated assigned and distributed tokens to users in AM 7.1. Then he migrated the database to AM 8.1.
2. In AM 8.1, token appears as assigned. However, user does not see the option to request a replacement token.

This happens only to users migrated from AM 7.1. These tokens are likely to expire and users need a way to request a replacement token.

CauseThe tokens are not assigned  a software token profile prior to distributing them.  When we distribute the software tokens in AM 7.1 we do not need to select the software token profile, but in case of AM 8.1 it is mandatory.
Resolution

Please review RSA? Authentication Manager 7.1 to 8.1 Migration Guide, page 128 below as part of post migration task for self-service console and that will eventually be the workaround for this issue:



  

Task


  

  

Description


  

  

Reference


  

  

Advise migrated self-service users to request a new software token when they need to replace a software token or report a lost or damaged token.


  

  

After migration, self-service users cannot request replacement software tokens until you associate the tokens with a software token profile. To avoid redistributing all migrated software tokens, advise self-service users to request a new token when they need to replace a token or report a lost or damaged token. In the token request, users can describe the reason for the request. 
   If you redistribute a migrated software token using a software token profile, users can request a replacement token as they would normally. After redistributing a software token, a user cannot authenticate until he or she imports the new token to the client device.


  

  

? Security Console Help topic ?Software Token Profiles? 
   ? Instruct self-service users to see the Self-Service Console Help topic ?Request an Additional Token?


  

 

1. Launch Security Console; Authentication; Policies, Token Policies.
2. (optional) Check the button "Users can reuse previous pins" (if this meets your corporate policy)
3. Security Console ---- > Setup --- > System settings ---- > Self-Service Console settings ---- > Enable provisioning and request for software token.

Legacy Article IDa66999

Attachments

    Outcomes