000025716 - Understand how to control token lost status

Document created by RSA Customer Support Employee on Jun 15, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000025716
Applies ToAuthentication Manager 6.x
ACE/Server 5.x
IssueUnderstand how to control token lost status
Admin  GUI checkbox "When lost status expires, mark token as Not Lost"
Admin Toolkit function Sd_EmergencyAccessFixedExt autoNotLost boolean parameter is documented as meaning "Determines if an emergency password assigned to a user is automatically deleted when that user successfully authenticates".
ResolutionThe GUI checkbox is actually equivalent to the API parameter.  When the checkbox is unchecked, or if API Sd_EmergencyAccessFixed is used, or if API Sd_EmergencyAccessFixedExt is used with autoNotLost set to false then the actual token cannot be used before or after the emergency fixed password expired without admininstrative action.  I.e. lost status can only be cleared via host or remote admin GUI.

On the other hand, if the GUI checkbox is checked or if autoNotLost is set to true via API Sd_EmergencyAccessFixedExt then the actual token can be used before or after the fixed password expires.  Successful authentication with the token will delete the emergency password and remove the lost status.
Legacy Article IDa38004