000033752 - Unassigning Tokens from User IDs using Authentication Manager Bulk Administration (AMBA) on RSA Authentication Manager 8.1

Document created by RSA Customer Support Employee on Aug 20, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 4Show Document
  • View in full screen mode

Article Content

Article Number000033752
Applies ToRSA Product Set : SecurID
RSA Product/Service Type : RSA Authentication Manager
RSA Version/Condition: 8.1 Service Pack 1
Platform : SUSE Enterprise Linux
O/S Version : 11 Service Pack 3
Product Description : SecurID Appliance
IssueAn administrator has a requirement to perform bulk administration for unassigning tokens from User IDs in the authentication manager database.
ResolutionRSA Authentication Manager Bulk Administration (AMBA) is an RSA Professional Services developed application that supplements administrative features of the RSA Authentication Manager 8.0 product line. This custom application (utility) enables Authentication Manager Server administrators to perform bulk administration functions from the command line interface or in a background mode through scheduled scripting.
This article assumes that Authentication Manager Bulk Administration (AMBA) is already installed and the administrator has access to the command line with the rsaadmin account.
AMBA Action - Rescind (RT)
User-added image
..instead of using AMBA Action (UT) - Unassign Token (as this may delete the user under certain conditions)
User-added image
An Example of a Token Serial Number Specified to be Unassigned from the assigned User ID
NOTE: User ID rsatest has token serial number 000132251681 already assigned in the authentication manager database.
  1. Logon with the rsaadmin account and enter the rsaadmin password when prompted
  2. Navigate to the /opt/rsa/am/utils folder
  3. Create a file called AMBA_actions.txt 
  4. For this example; copy'n'paste the lines below into AMBA_actions.txt and save the file. For your own usage supply the token serial numbers you wish to unassign from User IDs in your own authentication manager database.


  1. Enter the following command from the /opt/rsa/am/utils folder

./rsautil AMBulkAdmin -i AMBA_actions.txt -o outputlog --verbose -a [superadmin] -P [password] --lic 11307-2014.lic

NOTE: 11307-2014.lic is the AMBA license file for RSA CS APJ and customers will have a different filename for the AMBA license file. Substitute [superadmin] and [password] with the super admin credentials for the Security Console.
Contents of outputlog:
BOJ    : 2016-08-10 11:44:05 - 1.5.0 Build 105 - License expires at midnight on 2035-12-31 - Input = AMBA_actions.txt
Info   : 2016-08-10 11:44:05 - License Number: 11307-2014 - Issued To: RSA CS APJ - Issued On: 03/23/2014
Info   :                                                                -Output Log File Opened
Info   :                       Line     1                               -Header Line
Info   :                                                                -Entering rescindToken
Success: 2016-08-10 11:44:06 : Line     2 - rescindToken                -000132251681
Info   :                                                                -Leaving rescindToken
Info   :                       Line     3                               -Empty Line; Ignored
Info   :                                                                -Closing input file
Info   :                                                                -Closing rejected actions file
Info   :                                                                -Closing unsupported actions file
Info   :                                                                -Log File Closed
Info   :                                                                -Exit code: 0
EOJ    : 2016-08-10 11:44:06 - Terminating

Real-time Administration Activity Monitor reports activity; for this example:
User-added image
NotesRSA Authentication Manager Bulk Administration 1.5 (AMBA) is available with RSA Authentication Manager 8.1 where the deployment is using an Enterprise license whereas RSA Authentication Manager Bulk Administration 1.6 (AMBA) is available in the RSA Authentication Manager 8.2 Extras file.