000031688 - RSA SecurID software token is distributed in a disabled state when requested with modified software token profiles via the Authentication Manager Self-Service Console

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Jul 28, 2017
Version 4

Article Content

Article Number: 000031688
Applies To:
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1

Issue
With a new software token profile, users can request an RSA SecurID software token from the Self-Service Console. The request is sent to the workflow process as a pending request, if approval is required. Once the request is complete, the token is in the enabled state, which requires activation by the user.
 

With a modified software token profile which has associations with other tokens, the user is required to perform an additional task because the token is sent in the disabled state.
 



Users can request a token from the Self-Service Console. The request is pending a workflow process if approval is required. The request is completed in the Self-Service Console and the token is in a disabled state, which requires an additional task to enable the token manually prior to token activation by the user.
An example email notification to the user is below:
[Image: email notification]

Resolution
This is functioning as designed. The workflow in RSA Authentication Manager 8.1 does introduce a new step in the provisioning process. However, this new step helps to enhance the security of the token provisioning request.
Requiring an enablement code ensures that the token is not distributed in an Enabled state until the user is ready to enable it, either by following the link to Self-Service Enablement in the provisioning email, or by calling the Help Desk.

Workaround
Here is a workaround to this issue:
  1. Log in to the Security Console.
  2. Navigate to Settings > Self-Service Settings.
  3. Under Provisioning, select Manage Authenticators.
  4. Scroll to the Software Token Profiles section.
  5. Check the option to Allow users to edit token attribute details.
  6. Click Save.
  7. Uncheck the option to Allow users to edit token attribute details.
  8. Click Save.
This takes effect immediately: the token can be assigned to users in an enabled state, which eliminates the additional task.
