Enabled and Disabled Tokens

An enabled token can be used for authentication. Tokens that are not assigned to users are disabled. Tokens are automatically enabled when they are assigned by an administrator. You can enable and disable tokens only in security domains that are included in your administrative scope.

Tokencode-only software tokens that are provisioned through Self-Service are disabled by default. Users can enable these tokens through the Self-Service Console.

A disabled token does not lock a user’s account. Lockout applies to a user’s account, not to a user’s token. Disabling a token does not remove the user’s account from the deployment. You can view disabled tokens using the Security Console.

You should disable an assigned token in the following situations:

  • Before a hardware token is mailed to a user. Re-enable the token after you know that it has been successfully delivered to the user to whom it has been assigned and the user is ready to use it.

  • If you know that a user does not need to authenticate for an extended period of time. For example, you may want to disable a token before a user takes a short-term leave or an extended vacation. After you disable the token, that user cannot authenticate with that token until it is re-enabled.

Enable or Disable a Token

Before a user can authenticate with an assigned token, you must enable the token. A disabled token cannot be used to authenticate.


  1. In the Security Console, click Authentication > SecurID Tokens > Manage Existing.

  2. Click the Assigned or Unassigned tab to view the list of tokens that you want to enable or disable.

  3. Select the checkbox next to the tokens that you want to enable or disable.

  4. From the Action menu, click Enable or Disable.

  5. Click Go.