Error while importing token on Android device using QR code
I have recently installed webtire in our env. to activate the soft token feature. In the software token profile, Android profile is in place with Dynamic Seed Provisioning delivery method and "User imports token via QR code in Self-Service Console" option is selected.
But when I am trying to import soft token on my Android device (connected to mobile internet) using QR code shown on service portal, I am getting an error "Token import failed. Contact you Administrator".
What could be the possible cause for this issue?
- am prime
- Community Thread
- Forum Thread
- Prime Offering
- qr code
- RSA SecurID
- RSA SecurID Access
- RSA SecurID Access Prime
- SecurID Access Prime
- Soft Token
The most likely cause of this is that your mobile device cannot connect to the AM server. This is nearly always the case and is in fact recommended. RSA recommends placing AM in a protected network, not in a DMZ. The recommended approach is to deploy a WebTier server in your DMZ to provide external access for your mobile devices. The WebTier will then connect to your AM server providing a layer between the internet and AM.
For more information about deploying a WebTier server, review chapter 5 in the setup and configuration guide which you can download from here. https://community.rsa.com/docs/DOC-99426
Thanks for your reply, few things here, my AM is running on Linux based template provided RSA and not sure if it is DMZ or in normal network. Second thing is, I have installed Webtire on Windows server which is again not in DMZ (Not sure what I need to do to make it DMZ as we are not using such a concept) and another thing is, or SSP is not accessible from internet so not sure if we can import tokens if SSP is not accessible form internet.
The QR code contains the same https:// link as if you generated a CTKIP URL. Your device need to be able to reach either the RSA Authentication Manager self-service console on tcp port 7004, or the webtier [on the tcp port you specified in the web tier setup in the operations console]. The QR code/CTKIP URL can be either the self-service or web tier [as both will work if they can be reached], but perhaps your device cannot reach one or the other on the network.