SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.

Is there any way to have a token assigned to another user without having them reimport?

Here is the scenario,

1. There is one iPhone that has the RSA app

2. There is one token assigned to the user of that phone

3. The current user leaves the company and the phone is given to the new employee


The current token is assigned to the old employee. Is there any way that the token could be switched to the new employee without having them have to reimport the token?

Labels (1)
4 Replies

It can be done with internal database users easily,

and with external identity source users with a few additional actions....


Ouser is old user

Nuser is new user


If the Ouser is in the internal database, you can edit first name/last name/userid and it's done.


If the Ouser is in an external identity source, it can be done this way:

-export Ouser with token

-edit the ldap user search filter to exclude this Ouser so they do not appear on security console

run an identity source cleanup, flush out Ouser in the list of orphaned objects

-import Ouser and token and send to Internal Database


-now edit Ouser in the Internal database to become Nuser 

(if you have a userid conflict such as Nuser already exists, break Nuser in the search filter and do

a cleanup on Nuser so they do not exist on the system, then you can do your edits to Ouser)


-export Nuser in internal database with token

-delete Nuser from internal database

Now repair or fix any Ouser or Nuser search filter exclusions in operations console. At a minimum Nuser

must appear in the security console list now, with the [first name/last name/userid] that matches what you created for

Nuser in the internal database earlier.

-import Nuser and token, and point them toward the external identity source.


an example of an exclude filter





Thank you for the reply. Would you be able to provide step by step instructions on the first 3 options (exporting user and running clean up) or tell me why I can find that information?

Trusted Contributor Trusted Contributor
Trusted Contributor

Although possible, I would STRONGLY urge you against tampering with the database. Just issue a new token and be done with it. You'll have to clear the PIN anyway since the new users will not know it. Tampering with the LDAP filter or updating SQL tables manually really is not a good idea.. one slip and you could really mess up the system.

Sean Doyle‌,


Thank you for the feedback!