I couldn't find a mechanism to do it, but one manual way of doing it is by going to Security Console > Authentication > SecurID Tokens > Manage Existing:

To get a list of the assigned tokens, ensure the Assigned tab is selected and change Show Per Page value to 500 (that's the max) and drag-copy the columns from top to bottom and paste that selection into Excel. If you have more than 500 tokens, do the same to the next page of tokens, etc. Then in Excel to fix a formatting issue, highlight the column with the serial numbers, right-click and change Format Cells to General to prevent Excel from misinterpreting the serial number values. To get a list of the unassigned tokens, go back to the Manage Existing screen in the Security Console as above, and ensure the Unassigned tab is selected and perform the same steps to place that list into Excel.

@kamleshpatel87134 (Adani Enterprise Ltd)​ ,

If there is not a canned report in the Security Console, then you will need to run a custom SQL query against the database for a list of users who do not have an authenticator assigned to them. You can run a tool like pgAdmin to get a list of tables and fields in the database so you can build a query.

Use this article for information on how to connect to and to query the Authentication Manager 8.x database.

Some sample queries include:

SELECT serial_number FROM rsa_rep.am_token limit 10;

SELECT am_token.token_type, am_token.serial_number, am_token.imported_on, am_token.assigned_by, am_token.extend_token_sn, am_token.orig_token_shutdown_date, am_token.tokenextend_updated_date, am_token.extension_mode, am_token.token_shutdown_date FROM rsa_rep.am_token;