Software Token Lifetime Extension

Document created by RSA Information Design and Development on Jun 13, 2017Last modified by RSA Information Design and Development on Jun 13, 2017
Version 2Show Document
  • View in full screen mode

An administrator who has permission to assign tokens can extend the lifetime of a distributed software token that has expired or is due to expire soon. By extending software token lifetimes, you can avoid replacing expired software tokens on user devices, such as mobile phones, tablets, and PCs. Software token provisioning only needs to occur one time on each user device. RSA Authentication Manager determines the token expiration date for the extended token, and Authentication Manager assumes full administrative control over whether an extended token is available for authentication.

For example, a token that will expire in 15 days can be extended so that it will not expire for another 2 years. An unassigned token that expires in 2 years provides a new expiration date to the distributed token that was expiring in 15 days, and the unassigned token is deleted. The original, distributed token on the user device receives an extended lifetime in Authentication Manager.

Software token lifetime extension is transparent to users. No processing steps are required on user devices, and RSA SecurID authentication continues as usual.

Extending the software token lifetime does not prevent a software token license from expiring. If a software token license expires, the software token continues to generate tokencodes, but authentication cannot occur until a new software token license is applied in Authentication Manager.

Only software tokens that were distributed in RSA Authentication Manager 8.2 or later can be extended. The following tokens cannot be extended:

  • Hardware tokens.

  • Software tokens that are not distributed to users.

  • Active or expired software tokens that were distributed in an Authentication Manager version earlier than version 8.2.

  • Evaluation software tokens that have a serial number in the range 000000000001 to 000000000025. These tokens are provided for use with the evaluation license.

  • Software tokens that are already being replaced or extended. However, a token can be extended for a second time when it is close to its expiration date.

  • Software tokens that are not yet expired or are not yet close enough to their expiration date. The default value is 15 days. You can change this value. You change the number of days before the expiration date during which a software token can be extended.

    For more information, see Configure Software Token Extension Parameters.

  • RSA SecurID Authenticate Tokencodes cannot be extended.