Replace a Token with the Next Available Token

Occasionally, you must assign a new token to a user. For example, you must assign a new token to a user whose existing token has been permanently lost or destroyed. A user also needs a new token if his or her current token has expired. Use this procedure to replace a token with a specific unassigned token.

Replaced tokens are either unassigned or deleted from the deployment, depending on your configuration.

Instead of replacing an expired software token that was distributed in RSA Authentication Manager 8.2 or later, you can provide a new expiration date and avoid having to provision and distribute the token again. You cannot extend the expiration date if the token is already being replaced. For more information, see Extending Software Token Lifetimes.


  1. In the Security Console, click Identity > Users > Manage Existing.

  2. Use the search fields to find the user whose token you want to replace.

  3. From the search results, click the user whose token you want to replace.

  4. From the context menu, click SecurID Tokens.

  5. Click the token that you want to replace.

  6. From the context menu, select Replace with Next Available Token.

  7. Deliver the replacement token to the user. The user may begin using the new token immediately.

Related Concepts

SecurID Tokens