SecurID® Discussions

TylerN
Beginner

Is there any way to have a token assigned to another user without having them reimport?

Here is the scenario:

1. There is one iPhone that has the RSA app

2. There is one token assigned to the user of that phone

3. The current user leaves the company and the phone is given to the new employee

The current token is assigned to the old employee. Is there any way that the token could be switched to the new employee without having them have to reimport the token?

EdwardDavis
Employee

It can be done easily with internal database users, and with external identity source users with a few additional actions.

Ouser is the old user.

Nuser is the new user.

If the Ouser is in the internal database, you can edit first name/last name/userid and it's done.

If the Ouser is in an external identity source, it can be done this way:

- Export Ouser with token.

- Edit the LDAP user search filter to exclude this Ouser so they do not appear on the Security Console.

- Run an identity source cleanup, and flush out Ouser in the list of orphaned objects.

- Import Ouser and token and send to the internal database.

- Now edit Ouser in the internal database to become Nuser. (If you have a userid conflict, such as Nuser already exists, break Nuser in the search filter and do a cleanup on Nuser so they do not exist on the system; then you can do your edits to Ouser.)

- Export Nuser in the internal database with token.

- Delete Nuser from the internal database.

- Now repair or fix any Ouser or Nuser search filter exclusions in the Operations Console. At a minimum, Nuser must appear in the Security Console list now, with the [first name/last name/userid] that matches what you created for Nuser in the internal database earlier.

- Import Nuser and token, and point them toward the external identity source.

An example of an exclude filter:

(&(objectClass=User)(objectcategory=person)(!(sAMAccountName=Ouser)))
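An added example, not part of the original post and not RSA tooling: a small offline check that an exclusion filter like the one above hides only the intended account before it is applied to the identity source. The filter is written in strict RFC 4515 form (clauses listed directly after the leading `&`); the directory entries, the `BASE` filter and all function names are constructed assumptions.

```python
# Evaluates a subset of RFC 4515 filters (&, |, ! and equality) against
# constructed entries, to confirm an exclusion filter hides only one user.

def parse(f, i=0):
    """Parse one parenthesised filter at f[i]; return (node, next_index)."""
    if f[i:i + 1] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i:i + 1] in ("&", "|", "!"):
        op, kids = f[i], []
        i += 1
        while f[i:i + 1] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"bad operand count for '{op}'")
        node = (op, kids)
    else:
        end = f.index(")", i)  # ValueError if the clause is unterminated
        attr, sep, value = f[i:end].partition("=")
        if not sep or not attr:
            raise ValueError(f"expected attr=value at offset {i}")
        node, i = ("=", attr.lower(), value.lower()), end
    if f[i:i + 1] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1

def matches(node, entry):
    if node[0] == "=":  # case-insensitive equality on a multi-valued attribute
        return node[2] in (v.lower() for v in entry.get(node[1], []))
    results = [matches(kid, entry) for kid in node[1]]
    if node[0] == "!":
        return not results[0]
    return all(results) if node[0] == "&" else any(results)

def visible_users(filter_text, entries):
    node, end = parse(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing text after filter")
    return [e["samaccountname"][0] for e in entries if matches(node, e)]

def person(uid):  # constructed sample entry, attribute names lower-cased
    return {"objectclass": ["top", "person", "user"],
            "objectcategory": ["person"], "samaccountname": [uid]}

DIRECTORY = [person("Ouser"), person("Nuser"), person("jsmith")]  # constructed
BASE = "(&(objectClass=User)(objectcategory=person))"  # assumed current filter
EXCLUDE = "(&(objectClass=User)(objectcategory=person)(!(sAMAccountName=Ouser)))"

def hidden_by_change(old, new, entries):
    """Users visible under the old filter but not under the new one."""
    return sorted(set(visible_users(old, entries)) - set(visible_users(new, entries)))
```

Calling `hidden_by_change(BASE, EXCLUDE, DIRECTORY)` should list only the account meant to be excluded; any other name in the result means the edited filter would orphan additional users at cleanup.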

TylerN
Beginner

Edward,

Thank you for the reply. Would you be able to provide step-by-step instructions on the first 3 options (exporting user and running clean up) or tell me where I can find that information?
SeanDoyle
Trusted Contributor

Although possible, I would STRONGLY urge you against tampering with the database. Just issue a new token and be done with it. You'll have to clear the PIN anyway since the new users will not know it. Tampering with the LDAP filter or updating SQL tables manually really is not a good idea. One slip and you could really mess up the system.

Sean Doyle,

Thank you for the feedback!

Regards,
Erica