Tokens distributed using CT-KIP URL for import into SecurID Authenticator 6.x for Windows are e-mailed with an activation code after being approved automatically by the system or by super admins
2 years ago
Article Number
000068249
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager, SecurID Authenticator 6.x for Windows
Issue
After a user requests, from the Self-Service Console, a software token that is distributed using a software token profile with Delivery Method [CT-KIP URL], and the request is approved by a super admin or automatically, the user receives an e-mail with instructions on how to import the token WITH the activation code when the Software Token Profile uses either of these Device Types:
1. Desktop PC 4.x
2. SecurID Authenticator for Windows 6.x
However, according to the KB article <Unable to Import SecurID Tokens via CT-KIP URL to the Windows SecurID Authenticator 6.x>, NO activation code is required to import software tokens into SecurID Authenticator for Windows 6.x.

- E-mail received by the user if the token is distributed using delivery method 'CT-KIP URL' and device type 'Desktop PC 4.x' - Old App
Old App_1.jpg

- E-mail received by the user if the token is distributed using delivery method 'CT-KIP URL' and device type 'SecurID Authenticator for Windows 6.x' - New App
New App_1.jpg
As the last 2 images show, there is no difference between the two e-mails except in the URL: both contain the activation code associated with the CT-KIP URL.
Cause
When e-mails are sent to users, the e-mail notification template in Security Console > Setup > Self-service settings > Provisioning > Edit Workflow policy > Software Token > E-mail Notification Templates does not differentiate between Desktop PC 4.x and SecurID(R) Authenticator for Windows 6.x; the same template is used for both cases.
Resolution
Modify the E-mail Notification Templates to include a case for SecurID(R) Authenticator for Windows 6.x, so that the template differentiates between the old and new RSA authenticator apps.

Here are the steps:
1. Log on to the Security Console as a super admin.
2. Navigate to Setup > Self-service settings > Provisioning > Edit Workflow policy > Software Token > E-mail Notification Templates.
3. You have two options:
   a. If you have not modified this template before, download the attached text file and replace the content of E-mail Notification Templates in the Security Console with the content of the attached text file.
   b. If you have modified this template before, copy the template into notepad and add the lines below to the current template, above this line: "#elseif( ${MailComposer.TokenTypeCtkip} )"

The lines to be added in notepad:
#elseif( (${MailComposer.TokenTypeCtkip}) && (${MailComposer.TokenType} == "SecurID(R) Authenticator for Windows 6.x"))
        2. Use this link to import your token:${MailComposer.NL}${MailComposer.NL}
        ${MailComposer.CtkipURL}${MailComposer.NL}${MailComposer.NL}
  
After that, copy the content of the notepad and paste it into Security Console > Setup > Self-service settings > Provisioning > Edit Workflow policy > Software Token > E-mail Notification Templates.

4. Click on 'Save & Finish'
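
A check that can be run on the edited template text before it is pasted back in step 3b (added example, not RSA's code). It relies on an #if/#elseif chain rendering only the first branch whose condition is true, so the 6.x branch has no effect if it ends up below the generic CT-KIP branch; SAMPLE and $constructedOtherCase are constructed placeholders, not the real template.

```python
import re

# The anchor line and the three lines to add, as given in this article.
GENERIC = "#elseif( ${MailComposer.TokenTypeCtkip} )"
SPECIFIC_BLOCK = (
    '#elseif( (${MailComposer.TokenTypeCtkip}) && (${MailComposer.TokenType}'
    ' == "SecurID(R) Authenticator for Windows 6.x"))\n'
    "        2. Use this link to import your token:${MailComposer.NL}${MailComposer.NL}\n"
    "        ${MailComposer.CtkipURL}${MailComposer.NL}${MailComposer.NL}\n"
)
# Constructed stand-in for an unmodified template (not the real RSA text).
SAMPLE = (
    "#if( $constructedOtherCase )\n"
    "    (constructed placeholder text)\n"
    "#elseif( ${MailComposer.TokenTypeCtkip} )\n"
    "    (constructed placeholder for the existing CT-KIP instructions)\n"
    "#end\n"
)

def norm(line):
    return re.sub(r"\s+", "", line)  # ignore spacing differences when matching

def find_branches(template):
    """Return line indexes (6.x branch, generic CT-KIP branch); None if absent."""
    specific = generic = None
    for i, line in enumerate(template.splitlines()):
        n = norm(line)
        if n == norm(SPECIFIC_BLOCK.splitlines()[0]) and specific is None:
            specific = i
        elif n == norm(GENERIC) and generic is None:
            generic = i
    return specific, generic

def check(template):
    specific, generic = find_branches(template)
    if generic is None:
        return "no-generic-branch"
    if specific is None:
        return "missing-6x-branch"
    # A 6.x branch below the generic one never renders: the generic test wins.
    return "ok" if specific < generic else "6x-branch-unreachable"

def add_branch(template):
    """Insert the 6.x branch directly above the generic branch (idempotent)."""
    if check(template) != "missing-6x-branch":
        return template
    lines = template.splitlines(keepends=True)
    at = find_branches(template)[1]
    return "".join(lines[:at]) + SPECIFIC_BLOCK + "".join(lines[at:])
```

A result of "6x-branch-unreachable" means the new lines were pasted below the generic branch, so 6.x users would still receive the old e-mail text.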

- E-mail received by the user if the token is distributed using delivery method 'CT-KIP URL' and device type 'Desktop PC 4.x' - Old App
Old App_2.jpg.jpg

- E-mail received by the user if the token is distributed using delivery method 'CT-KIP URL' and device type 'SecurID Authenticator for Windows 6.x' - New App
New App_2.jpg

E-mails sent to users that contain the software token distribution link for delivery method CT-KIP URL and Device Type SecurID Authenticator for Windows 6.x contain NO activation codes.