|Applies To||RSA ACE/Server 5.2 and later|
|Issue||Issue replacement tokens without causing user downtime|
The original token will work until the replacement token is used to authenticate. Authenticating with the replacement token unassigns the original (replaced) token and leave just one entry for the replacement token, now marked as the original.
When a token is assigned as a Replacement token, the Original token and the Replacement token are both temporarily assigned to the user. If you examine the user's record, you will see both tokens assigned to the user, and after the serial number entry for each token, you will see a letter O or R, for Original or Replacement. If you examine the token record Replacement token, it will have a line:
Replacing serial number:
If you examine the token record for the Original token it will have a line:
Replacement serial number:
The other token's serial number will be shown as the replacement (you can temporarily consider them replacements of each other).
When a user authenticates with the Original token they authenticate normally, as long as the token is valid and enabled. Once a user authenticates with the Replacement token, the Original one will be "replaced" and unassigned from the user. After this the actions vary depending upon the database settings. For example, if "Automatically delete replaced tokens from the database" is enabled, the token record will be deleted from the database. If "Automatically delete replaced tokens from the database" is not enabled, the replaced token's main status fields will be reset ( it will be set to disabled, in new Pin Mode, and not lost).
|Legacy Article ID||a34963|