SecurID^® Discussions

ASWINSASIDHARAN · ‎2018-11-13

Currently, we are using RSA SecurID with version 8.1. Some of our soft tokens are getting expired in two weeks time. We have uploaded new soft tokens to the AM Server.

How can we replace the expiring tokens with the newly bought tokens and distribute them?

Is there any way we can do both these activities bulk?

EdwardDavis · ‎2018-11-13

There are multiple ways to do this. In Security Console you can list tokens by expire date, and select them all up to 500 at a time..., and choose the select box option to replace, then you can choose replacements. Then you will need to distribute them. The old token keeps working until the user 'gets around' to using the new token for the first time, and then the old token becomes unassigned. If you have provisioning features, users could request replacement tokens in the self-service console. Or you could use AMBA (auth manager bulk admin scripting) to assign replacements and also distribute them via email as attachments or ctkip links. If your version is 8.1.x and not 8.2.x or higher, the tokens the users currently have cannot be extended ('extend software token lifetime' is another option rather than replace tokens...any software token that was distributed from version 8.2 or higher, has an 'artificial expire date' on the user device of Dec 31, 2035. Those tokens will expire on the 'normal date' in the Security Console...but...can inherit the expire dates of new tokens you purchase, so the end user doesn't need to be involved until 2035). You could also assign replacements, and in the Security Console you can 'distribute tokens in bulk' for a specific software token profile, so one job can generate many tokens to be distributed.

View solution in original post

EdwardDavis · ‎2018-11-13

There are multiple ways to do this. In Security Console you can list tokens by expire date, and select them all up to 500 at a time..., and choose the select box option to replace, then you can choose replacements. Then you will need to distribute them. The old token keeps working until the user 'gets around' to using the new token for the first time, and then the old token becomes unassigned. If you have provisioning features, users could request replacement tokens in the self-service console. Or you could use AMBA (auth manager bulk admin scripting) to assign replacements and also distribute them via email as attachments or ctkip links. If your version is 8.1.x and not 8.2.x or higher, the tokens the users currently have cannot be extended ('extend software token lifetime' is another option rather than replace tokens...any software token that was distributed from version 8.2 or higher, has an 'artificial expire date' on the user device of Dec 31, 2035. Those tokens will expire on the 'normal date' in the Security Console...but...can inherit the expire dates of new tokens you purchase, so the end user doesn't need to be involved until 2035). You could also assign replacements, and in the Security Console you can 'distribute tokens in bulk' for a specific software token profile, so one job can generate many tokens to be distributed.

ASWINSASIDHARAN · ‎2018-11-13

Hi Edward, thank you for the reply.

When I replaced a single token, I can now see two tokens assigned to the same user. One is the old token and other the new one which is going to replace the old one.

But I cannot find the option to "distribute the token" when I click on the drop down menu next to the new token.

How will I distribute the new token so that user can start using it??

SecurID^® Discussions

Replace and redistribute tokens for RSA AM 8.1

Authenticators

SecurID® Discussions

Replace and redistribute tokens for RSA AM 8.1

Authenticators

SecurID^® Discussions