Enabled and Disabled Tokens

Document created by RSA Information Design and Development Employee on Jun 13, 2017Last modified by RSA Information Design and Development Employee on Dec 4, 2020
Version 16Show Document
  • View in full screen mode

An enabled token can be used for authentication. A disabled token cannot be used.

After Authentication Manager is installed, tokens must be imported into the deployment. All imported tokens are automatically disabled. This security feature protects the deployment if the tokens are lost or stolen.

Tokens are automatically enabled when they are assigned by an administrator.

Tokencode-only software tokens that are provisioned through Self-Service are disabled by default. Users can enable these tokens through the Self-Service Console.

A disabled token does not lock a user’s account. Lockout applies to a user’s account, not to a user’s token. Disabling a token does not remove the user’s account from the deployment. You can view disabled tokens using the Security Console.

You can enable and disable tokens only in security domains that are included in your administrative scope.

You should disable an assigned token in the following situations:

  • Before a hardware token is mailed to a user. Re-enable the token after you know that it has been successfully delivered to the user to whom it has been assigned and the user is ready to use it.

  • If you know that a user does not need to authenticate for an extended period of time. For example, you may want to disable a token before a user takes a short-term leave or an extended vacation. After you disable the token, that user cannot authenticate with that token until it is re-enabled.






Previous Topic:Assign Tokens to Users
Next Topic:Enable a Token
You are here
Table of Contents > RSA SecurID Tokens > Enabled and Disabled Tokens