This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
JohnstoneSupply
Beginner
Beginner
‎2016-08-25 04:27 PM

Removing a user from next tokencode mode

Is there a way to remove a user from next tokencode mode without having to get on the phone with the user? 

Labels (1)
Labels
0 Likes
Reply
3 Replies
jeffshurtliff
Administrator Administrator
Administrator
‎2016-08-25 04:41 PM

Hi,

 

I have moved this thread to the https://community.rsa.com/community/products/securid?sr=search&searchId=47e7c052-d37b-47ea-b35e-0692ac5586e8&searchIndex=0‌ page so that you can get an answer to your question.

 

Thanks,
Jeff

0 Likes
Reply
MohamedAboElKhe
Employee
Employee
‎2016-08-26 08:17 AM

Hi,

 

There is a utility you can use from the AM server command line to reset next tokencode mode for any number of tokens you want or for all of them. However, please note that next tokencode mode is sometimes needed to re-synchronize the token when having a slight time difference from the server, so you should keep it unlesss necessary.

 

To use the utility you can follow the below steps:

 

1- Open an SSH session to the AM server.

2- Run the below commands to move to the utilities directory:

# cd /opt/rsa/am/utils/

3- To reset next tokencode mode for ALL tokens use the below command:

# ./rsautil sync-tokens -u <super admin user ID> -p <super admin password> -o <output file path> -a -n

e.g:
# ./rsautil sync-tokens -u superadmin -p "pa$$W0rd" -o /tmp/out.txt -a -n

4- To reset next tokencode mode for SOME tokens, you will first need to create a file on the AM server with all serial numbers of  tokens you need to reset each in a newline as shown in the below example:

# cat /tmp/tokens
000113474499
000113474500
000113474501

Then you need to run the below command:

# ./rsautil sync-tokens -u <super admin user ID> -p <super admin password> -o <output file path> -f <path of token file> -n

e.g:
# ./rsautil sync-tokens -u superadmin -p "pa$$W0rd" -o /tmp/out.txt -f /tmp/tokens -n

 

Please check and let me know if this meets your requirements.

Reply
MHelmy
Moderator Moderator
Moderator
‎2016-08-26 08:33 AM

Well you can fix the symptom of Next token code mode by the following:

 

1. Login to the Security Console > Users > Locate the user with problems > Click on the arrow beside the user to open the context menu >  Authentication Settings > Check the "Clear incorrect passcodes" check box > Save. That should remove all his tokens from next token-code mode.

 

However this will not fix the cause of it. If its just due to typing mistakes of the token code more than once, then he should be ok on the next login. However if his token is out of sync, then he will keep failing authentication till he hits next-token code mode again. At that point you need to re-synchronise his token from the Security Console.

Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.