Replace a Token for a User

Occasionally, you must assign a new token to a user. For example, you must assign a new token to a user whose existing token has been permanently lost or destroyed. A user also needs a new token if his or her current token has expired. Use this procedure to replace tokens with a specific unassigned token.

Replaced tokens are either unassigned or deleted from the deployment, depending on your configuration.

Instead of replacing an expired software token that was distributed in RSA Authentication Manager 8.2 or later, you can provide a new expiration date and avoid having to provision and distribute the token again. You cannot extend the expiration date if the token is already being replaced. For more information, see Software Token Lifetime Extension.


  1. In the Security Console, click Authentication > SecurID Tokens > Manage Existing.

  2. Use the search fields to find the tokens that you want to replace.

  3. Select the checkbox for the tokens that you want to replace.

  4. From the Action menu, click Replace SecurID Tokens.

  5. Click Go.

  6. Click the checkbox next to the replacement tokens.

  7. Click Next.

  8. (Optional) Click the checkbox to require the assigned user to set up a new SecurID PIN for the replacement token.

  9. Click Save & Finish.

Related Concepts

RSA SecurID Tokens