SecurID Hardware Tokens

You can assign SID700 hardware tokens to Cloud Authentication Service users and manage the tokens in the Cloud Administration Console. These tokens provide two-factor authentication, where users enter a PIN (something the user knows) plus a tokencode (something the user has). The tokencode changes at regular intervals.

During authentication, the Cloud Authentication Service validates the tokencode and PIN, similar to other cloud-based authentication methods. These tokens can be viewed and managed only from the Cloud Administration Console. You do not need to deploy an SecurID Authentication Manager server.

Note: You must ask SecurID to enable this functionality for your deployment.

These tokens can be used for offline authentication if your company deploys the latest version of MFA Agent for Microsoft Windows or MFA Agent for macOS to users. For more information, see Using SID700 Hardware Tokens for Offline Authentication.

Each user is permitted to have one active SID700 hardware token that is managed in the Cloud Administration Console. Users can register and activate their tokens on My Page.

For instructions, see:

Deploy SID700 Hardware Tokens to Users

Perform these steps:

  • Step 1: Obtain SID700 Hardware Tokens from SecurID

    1. Request SID700 hardware tokens from SecurID Sales or your partner. You will receive a packet containing the tokens and encrypted token record files.

      If you plan to use SID700 hardware tokens that were previously ordered and shipped, make sure you have the decrypted token record files.

    2. Follow the instructions in the packet to decrypt the token record files.

      During decryption, an import password is generated for each file. Make sure you have these passwords when you upload the token record files to the Cloud Authentication Service.

      Note: Trial tokens may not require a password.

    Step 2: Upload Decrypted Token Record Files to the Cloud Authentication Service

    1. In the Cloud Administration Console, click Users > Hardware Tokens.

    2. Click Upload Hardware Tokens.

    3. Click Choose File and browse to the file you want to upload.

    4. If required, enter the import password that was created for the file during the decryption process.

    5. Click Upload.

    You can view the total number of the uploaded hardware tokens and the total number of unassigned hardware tokens in the Hardware Tokens page.

    Step 3: Configure Token Settings for Your Deployment

    Configure settings that affect how hardware tokens are used in your deployment, including PIN requirements. See Configure Tokencodes for instructions.

    Step 4: Configure Email Notifications for Your Deployment

    To help increase security, you can configure the Cloud Authentication Service to automatically send a confirmation email to users after they register their SID700 hardware tokens. For instructions, see Configure Email Notifications

    Step 5: Distribute Tokens to Users

    To distribute SID700 tokens to users:

    1. Send an unassigned token to each user.

    2. Instruct users to go to My Page to register their tokens and test authentication.

    If preferred, you can assign a token to each user before distribution. Upon receiving their tokens, users must go to My Page to activate the preregistered tokens and test authentication.

    Delete Expired Hardware Tokens

    This task deletes all expired hardware tokens from the Cloud Authentication Service. These tokens cannot be used for authentication.

    1. In the Cloud Administration Console, click Users > Hardware Tokens.

    2. From the Hardware Token Actions dropdown menu, click Delete Hardware Tokens.

    3. Under Delete All Expired Hardware Tokens, click Delete.

      This operation may take several minutes to complete, depending on how many expired tokens are being deleted.

    Manage Users' Hardware Tokens

    See Description
    Clear a Hardware Token PIN for a User You can clear the PIN if the user has forgotten the PIN or the PIN is compromised. Before using the hardware token, the user must go to My Page and set a new PIN.
    Disable or Enable a Hardware Token Registered tokens are automatically enabled. You can unassign a disabled token.
    Unassign a Hardware Token from a User Unassigning the hardware token prevents the user from using it to authenticate.
    Delete a User's Hardware Token Delete a hardware token file from the Cloud Authentication Service.

    Unlock All Tokencodes for a User

    Unlock a user's SMS, Voice, Authenticate, and hardware tokens.

    View Hardware Token Information

    See Description
    Usage Information

    View hardware token usage statistics for your deployment on the Cloud Administration Console dashboard.

    Run Reports The the Hardware Token Information report to see information for each hardware token that is uploaded to the Cloud Authentication Service.

    To access Help for end users, see SecurID Hardware Token.