CalebMyhra91730 (Customer) asked a question.

June 6, 2024 at 2:23 PM
Bulk Token Replacement

RSA SecurID Hardware Token Replacement Best Practices Guide (theether.net)

 

I found this old guide from 2011 which has scripts for bulk token replacement, I just got access to the community and have tried finding anything similar or newer but have not. What I'm interested in is scripts to bulk replace tokens that are expiring using a csv, and I would expect that there would be better solutions by now but I haven't found anything on it. If anyone has any info that would be great, thanks!

  • 4 answers
  • 352 views

  • johnneset (Customer)

    Seems we got this w/ a lil ingenuity & perserverence!

     

    AMBulk came to the rescue!

    Instructions were horrible regarding using the AMBulkAdmin cmd & was quickly into error 2204, but thankfully found the substantially better article on AMBulkAdmin cmd-Article Detail (rsa.com)

    Note-don't forget that you're authing to shell as rsaadmin, but need to also leverage superadmin acct auth to pass the cmd.

     

    flat file .csv containing just this

    Action,TokSerial,ReplTokSerial,TokEnabled,PinMode

    REPT,*oldkeyfobSN*,*newkeyfobSN*,1,0

    Expand Post
    Selected as Best

  • johnneset (Customer)

    Seems we got this w/ a lil ingenuity & perserverence!

     

    AMBulk came to the rescue!

    Instructions were horrible regarding using the AMBulkAdmin cmd & was quickly into error 2204, but thankfully found the substantially better article on AMBulkAdmin cmd-Article Detail (rsa.com)

    Note-don't forget that you're authing to shell as rsaadmin, but need to also leverage superadmin acct auth to pass the cmd.

     

    flat file .csv containing just this

    Action,TokSerial,ReplTokSerial,TokEnabled,PinMode

    REPT,*oldkeyfobSN*,*newkeyfobSN*,1,0

    Expand Post
    Selected as Best

    • EricaChalfin (RSA)

      @johnneset (Customer)​ ,

       

      Back in the day, Authentication Manager Bulk Admin (AMBA) was a purchasable addon to Authentication Manager and the documentation only available to those customers who purchased it. Now it's available to all customers with an Enterprise license.

       

      I am glad you got the bulk token replacement done. Which AMBA command did you use?

      Expand Post

      • johnneset (Customer)

        I have a rule in my outlook for this community noise so didn't see your response!

        Here's our devised steps that we took-

        cd /opt/rsa/am/utils

        ./rsautil AMBulkAdmin -i keyfobbers.csv -a superadmin -P

         

        flat file .csv upload to /opt/rsa/am/utils

        Columns & values leveraged for the flat file .csv upload-

        Action,TokSerial,ReplTokSerial,TokEnabled,PinMode

        REPT,*old keyfob*,*new keyfob*,1,0

        Expand Post

      • EricaChalfin (RSA)

        @johnneset (Customer)​ ,

         

        Thank you for the update! I promise, we won't be offended that the RSA Community wound up falling prey to a rogue Outlook rule. It happens to the best of us 😄

Don't see what you're looking for?