How to select all users who don't have tokens to assign tokens in bulk
We are using RSA AM 8.1 SP1. We have a set of 1200 users who have tokens assigned already.
Now I need to assign software tokens to 400 more. When I go to select users to assign tokens to, I don't have a filter to select only those who don't have tokens assigned.
Am I missing something?
Is there any way to select such users?
In the security console, no.
Probably the best thing to do is run a report for users with no tokens, and output it as csv, then tune it to become an AMBA input file for assigning tokens
AMBA (auth manager bulk admin) using csv input files
a) run a security console report for all users, and choose 'has tokens assigned NO'
run report, save as csv, you now have a list of userids without tokens assigned, and can remake this csv into a new csv for input into AMBA to assign tokens
b) if the users are in active directory, and you have never 'touched' the user account yet, the report from (a) will not show any of these users.
You need to do something (some or any administrative action) in the RSA security console with the AD user accounts to make the RSA server 'register' the user as something that can be reported on
Here is a simple thing to do for that 'administrative action': put them in a group, and take them out later
b1) security console, identity, user groups, create a new group in the internal database...move-grp
b2) security console, identity, users, manage existing, list your AD users (up to 500 at a time on screen), select all with the upper checkbox, and choose the upper dropdown selection box 'add to user groups', and add them to the new group you created move-grp
b3) repeat in batches of 500 users until all users you want to show up in the report have been put in that
b4) run your all users report again no tokens assigned, (you do not need to specify anything about that group in the report) and now all the AD users you just 'administratively touched' and have no token assigned will now show up in the report (and report output is exportable as csv)
b5) go to identity, user groups, manage existing, and look at the members of the move-grp and you can remove them from the group (in batches of 500)
Your reply is much appreciated! Great thanks!
At the moment we don't have AMBA bought, but you pointed me in the right direction. At least I will prepare a helpful report as described above.
It's a pity that in the base config there is not even a filter for users where Last authentication = never; that would be enough for me. It gives only after/before, is on/not is on in the drop-down list.