Import a Token Record File

RSA provides an XML file that contains the token records that your organization has purchased. Before you can work with individual token records, you must import the token record XML file into Authentication Manager. All imported tokens are automatically disabled until the tokens are assigned by an administrator. Only enabled tokens can be used for authentication. This security feature protects the deployment if the tokens are lost or stolen.

For hardware tokens, each token record in the file corresponds to a hardware token that your organization has purchased.

For software tokens, token record data will eventually be transferred into a software token application. Each token record contains the token seed and metadata such as the token serial number, expiration date, and the tokencode length and interval.

If you import the same XML token record file twice, for example, because you accidentally deleted a token from the database, when you re-import the XML token record file containing the deleted token, the other tokens will be duplicates. You can choose to handle duplicates in one of two ways:

  • Ignore duplicate tokens. All tokens are imported except for duplicates.

  • Overwrite duplicate tokens. In this case, most duplicates are overwritten. The following exceptions are ignored and not overwritten:

    • Tokens assigned to administrators.

    • Tokens that the current administrator does not have permission to view, for example, if they are outside his or her administrative scope.

    • Tokens that have been replaced or that have replaced another token.

    • Tokens that have been synchronized to Authentication Manager from the Cloud Authentication Service.

Before you begin

  • Decide which security domain will own the imported tokens. The security domain must be in the administrative scope of the administrator who will deploy and manage the tokens.

  • Your administrative role must permit you to manage tokens.


  1. In the Security Console, click Authentication > SecurID Tokens > Import Tokens Job > Add New.

  2. Enter a name for the import job. The job is saved with this name so that you can review the details of the job later. The name must be from 1 to 128 characters. The characters & % > < are not allowed.

  3. From the Security Domain drop-down menu, select the security domain into which you want to import the tokens. The tokens are managed by administrators whose scope includes this security domain. By default, tokens are imported into the top-level security domain.

  4. Browse to select the token files that you want to import.

  5. In the File Password field, enter a password if the file is password protected.

  6. Use the Import Options radio buttons to specify handling for duplicate tokens.

    If you have extended the lifetimes of software tokens, select Ignore all duplicate tokens to keep the extended token expiration dates.

    Note: Overwriting tokens that have extended lifetimes or tokens that were used to extend token lifetimes restores the original token expiration dates. The overwriting option also restores duplicate tokens that were deleted because they were used to extend another token’s lifetime.

    To view a list of extended lifetime software tokens, in the Security Console, click Authentication > SecurID Tokens > Manage Existing. The Extension Token column lists the serial numbers of the tokens that were used to extend other tokens.

  7. Click Submit Job.

After you finish