This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA SecurID® Access Discussions

Browse the SecurID Access discussion board to get product help and collaborate with other users of SecurID Access.
PrasantNair
Beginner
Beginner
‎2018-06-25 01:31 PM

RSA AM 8.1 harware Tokens Exipiry & Adding New Ones

Hi - We have RSA AM 8.1 under support. Current set of hardware tokens have support expired. Those users who were assigned tokens are able to work normally. But when we try to assign another token it does not work.  This is the current behavior. So we ordered a net set of tokens.

 

I have the following questions:-

1) Can the old set of tokens that are currently working coexist with the new ones?

2) Do we have to import new token file for the new set of hardware tokens or can we do a simple replacement of old to new?

 

Regards

Labels (1)
Labels
0 Likes
Reply
2 Replies
EricaChalfin
Employee
Employee
‎2018-06-25 05:56 PM

Prasant Nair‌,

 

1) Can the old set of tokens that are currently working coexist with the new ones?

Yes, you can import new tokens into your Authentication Manager server.  The tokens that have not yet expired will continue to work, as will the new tokens.  See the  Video Link : 26531for information on how to decrypt the new token media.

2) Do we have to import new token file for the new set of hardware tokens or can we do a simple replacement of old to new?

Yes, you will need to import the new token seed media for your new hardware tokens via the Security Console, assign the new tokens to the users and make sure they are  delivered to the end users in a secure fashion. 

Let's say you have a user named Alice who has hardware token 000111111111 assigned to her. This token will expire on 30 June 2018.  You assign her token 000222222222, which will expire on 31 December 2025.  (use the online help for steps to replace a token).  When you create a replacement token, it sets a flag in the database noting the original token and the replacement.  When Alice receives her new token, she can keep using her old token until 30 June 2018 then use 000222222222222.  Alternatively, she can start using 000222222222222 immediately.  If she does, it will disable 000111111111111 at her first authentication with the new token.

See Import a Token Record File for the steps.  Please also see this article on how to Assign a Hardware Token to a User in the User Dashboard.

Regards,

Erica

0 Likes
Reply
PiersB
Employee
Employee
‎2018-06-26 02:59 PM

To expand on Erica's reply, assigning the new tokens as a replacement allows the user's to keep their PIN. They will simply authenticate with the replacement token (using the PIN from their old token) and Authentication Manager will unassign the old (replaced) token from the user. There are also policy settings that can be used to have the tokens automatically deleted from the database after replacement completes. You can find this under "Setup > System Settings > Tokens" and look for the checkbox "Automatically delete replaced tokens" under the "Token Assignment" section.

 

It is possible to assign a second token to end-users, but this has a number of drawbacks. The new (second) token will require a new PIN be assigned (i.e., the user will have to know to just enter the tokencode when performing the first authentication with the new token), and the user's expiring token would also remain assigned to the user until unassigned by an administrator.

Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.