Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
StephenJeon
Contributor
Contributor

Expired Soft Tokens on Mobiles?

Jump to solution

Hi, I was wondering what happens to expired soft tokens on a mobile device. Does the file remain on the user's phone and the user then has to manually delete it or does the SecurID application take care of that when the expiry occurs? Obviously the user has to replace that token on RSA but in terms of the already imported soft token what happens to it once the expiry date hits and it is in the user's phone?

0 Likes
1 Solution

Accepted Solutions
JayGuillette
Apprised Contributor Apprised Contributor
Apprised Contributor

The token remains in the application on the phone until one or both are removed from the phone.

If the Token was distributed from Authentication Manager, AM 8.2 SP1 or later, the expiration or death date on the phone shows as Dec. 31 2035 - which means this token can be extended at the AM server by applying another token, thereby avoiding the need to distribute and deliver a replacement token to the phone.

Whether or not this token can actually be used to authenticate a user is entirely dependent on actions taken at the AM server (assuming version AM 8.2 SP1 or later).

View solution in original post

4 Replies
JayGuillette
Apprised Contributor Apprised Contributor
Apprised Contributor

The token remains in the application on the phone until one or both are removed from the phone.

If the Token was distributed from Authentication Manager, AM 8.2 SP1 or later, the expiration or death date on the phone shows as Dec. 31 2035 - which means this token can be extended at the AM server by applying another token, thereby avoiding the need to distribute and deliver a replacement token to the phone.

Whether or not this token can actually be used to authenticate a user is entirely dependent on actions taken at the AM server (assuming version AM 8.2 SP1 or later).

Thanks for the reply. 

 

Reason why I ask is we have some users who want to simplify the process and having to manually delete soft tokens off their phone is too cumbersome. We currently run version AM 8.6.x so the replacement feature can work but when it kicks in does that auto delete the old expired token off their phone or simply add another one to the phone?

0 Likes

Sorry meant version 8.3.x

0 Likes

Possibly the simplest approach would be to extend the already imported into the phone Token Serial # from the AM Server, assuming you want this user to continue authenticating using this Smart phone.  The Authentication Manager Administrator applies the later expiration date from one software token to another software token that is approaching or just past expiration.

SC-Auth-Tokens-Extend.png

But the Token needs to show as extendable in the Security Console.

 

If you want user to continue authenticating using this Smart phone but the token is not extendable, you can assign the user a replacement token, which retains the users current PIN but needs to be distributed from the Security Console and imported into the User's Smart phone.  At this point the user has two tokens, the original one works until the replacement one is successfully used once.  After the replacement token is used, you can delete or remove the original token from the phone.  RSA has no remote application or utility that can do this, so you would have to delete the token from the Token application itself, like this screen shot from the Windows Software Token App

SWTDT_manage.png