Generate ad hoc reports for tokens attributes with software token profile names in RSA Authentication Manager 8.x
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.5 or later
Platform: SUSE Linux Enterprise
O/S Version: SUSE Linux 12 SP4 or later
Product Description: RSA SecurID Appliance
Issue
Then they require to run a report with token serial numbers with its software token profile distributed to find how many users are pending.
The software token profile category is not available in the default RSA Authentication Manager report templates. The only way to check on this detail from the Security Console is by opening the token dashboard from the Security Console (Authentication > SecurID Tokens > Manage Existing).
Resolution
1. Launch an SSH client, such as PuTTy.
2. Log in to the primary RSA Authentication Manager server as rsaadmin and enter the operating system password.
During Quick Setup, another username may have been selected. Use that username to log in.
3. Enter the following command to get the database password:
rsaadmin@am87p:> cd /opt/rsa/am/utils/ rsaadmin@am87p:> ./rsautil manage-secrets -a get com.rsa.db.dba.password Please enter OC Administrator username: <enter Operations Console administrator name> Please enter OC Administrator password: <enter Operations Console administrator password> com.rsa.db.dba.password: AbcdEfgh1jklmn0pqr5tuvwxyZNote: The database password will be different for each installation of RSA Authentication Manager.
4. Use the following queries to generate a report with the token attributes and software token profiles:
rsaadmin@am87p:> cd /opt/rsa/am/pgsql/bin/ rsaadmin@am87p:> ./psql -h localhost -p 7050 -d db -U rsa_dba -c "COPY ( SELECT ipd.loginuid, iis.name identity_source,amt.serial_number token_serial_number,amt.token_shutdown_date token_expiry_date_utc,amt.token_code_length,amt.token_code_interval,tp.name profile_name FROM rsa_rep.ims_principal_data ipd INNER JOIN rsa_rep.ims_identity_source iis ON iis.id = ipd.identity_src_id LEFT JOIN rsa_rep.am_token amt ON amt.principal_id = ipd.id LEFT JOIN rsa_rep.am_sw_token_profiles tp ON amt.sw_token_profile_id = tp.id where amt.terminate_date is not null AND amt.token_shutdown_date <= '2027-02-28 00:00:00.000') TO STDOUT WITH CSV HEADER" > /tmp/SWprofileTokens_report.csv Password for user rsa_dba: <enter the com.rsa.db.dba.password string from above>This query generates a report of tokens with software token profile names that shut down before a specific expiration date.
In the example below, the date is 28 February 2027 and can be changed to any date.
loginuid identity_source token_serial_number token_expiry_date_utc token_code_length token_code_interval profile_name testadmin Internal Database 000008888979 2026-07-06 00:00:00 8 60 androidCTF rsatest Internal Database 000008888980 2026-07-06 00:00:00 8 30 Test30SecondsCTF
The report output SWprofileTokens_report.csv is saved in /tmp. You can copy the report using the WinSCP application to your local PC and view them using any text editor or spreadsheet applications.
Related Articles
Authentication Manager Log Messages (16101-16160) Number of Views Manage Identity Providers Number of Views Managing Authenticators for Self-Service Users Number of Views Integrating Vormetric Data Security Manager with RSA Authentication Manager 8.x Number of Views Generating a report to list unassigned tokens in RSA Authentication Manager 8.x Number of Views
Trending Articles
RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory Unable to find valid certification path error when logging on to Help Desk Admin Portal (HDAP) and Self-Service Portal (SS… RSA Authentication Manager 8.9 Release Notes (January 2026)
Don't see what you're looking for?
