Restrict the Number of Active Tokens per User

You can change the maximum number of active SecurID tokens allowed per user. The default limit is three active tokens for each user. Tokens that are managed in the Cloud Access Service (CAS) do not count towards the three token limit.

Before you begin 

Operations Console administrator credentials are required.

Procedure 

1. Log on to the appliance using an SSH client.

2. Change directories:

   cd /opt/rsa/am/utils

3. Run one of the following commands:

   • To set the limit for active tokens per user, type the following, and then press ENTER:

     ./rsautil store -a add_config auth_manager.admin.maximum_usable_tokens <1> GLOBAL 501

     where <1> is an integer from 1 to 3 that specifies the maximum number of active tokens per user. For values outside the range [1,3], AM uses the default limit of three active tokens.

   • To change the limit after setting it for the first time, type the following, and then press ENTER:

     ./rsautil store -a update_config auth_manager.admin.maximum_usable_tokens <1> GLOBAL 501

     where <1> is an integer from 1 to 3 that specifies the maximum number of active tokens per user. For values outside the range [1,3], AM uses the default limit of three active tokens.

4. When prompted, enter your Operations Console administrator User ID, and press ENTER.

5. When prompted, enter your Operations Console administrator password, and press ENTER.

6. Restart all AM services on the primary instance and all replica instances:

   cd /opt/rsa/am/server

   ./rsaserv restart all