• Change token policies on a subset of users
• Change policies to users in phases

Changing a policy assigned to a Security Domain changes the policy for all users in the Domain. It is not possible to change a policy for a subset of users in a Security Domain. However, it is possible to effectively change a policy on a subset of users by moving those users to a new Security Domain with the changed policy.

If a policy is assigned to more than one Security Domain and you want to change the policy for only one of the Security Domains, duplicate the existing policy. Then make the necessary changes to the duplicate policy, and assign it to the Security Domain you want to change.

1. Open the Security Console and go to Administration > Security Domains > Manage Existing.
2. The existing Security Domains are listed and each can be viewed to show the currently assigned policies.

1. Go to Authentication > Policies >Token Policies > Manage Existing.
2. Edit the policy to which you want to make a change.
3. Click Save when done.
4. Apply the token policy to a security domain.

If the policy is assigned to several Security Domains and you want to make a change to the policy for only some of the Security Domains,

1. Go to Authentication > Policies >Token Policies > Manage Existing.
2. Click on the policy and select Duplicate.
3. Select the desired options on the duplicate policy and click Save.
4. The policy can now be assigned to the Security Domains to which you want to make changes.

1. Open the Security Console and go to Identity > Users > Manage Existing.
2. Search for users, using the filters to select the subset of users you want to move.
3. Check the box next to the users you want to move, and use the pull-down at the top of the screen to select Move to Security Domain....
4. Click Go.
5. On the next screen, select the new Security Domain.
6. Click Move.

IMPORTANT:  Administrators who are scoped to only have access to the previous Security Domain will not have access to the new Security Domain.