SecurID® Discussions

ReneHernandez
New Contributor

RSA SecurityID Newbie

Hello, I am new to RSA SecurityID and we are currently out of licenses. Existing users can log in; however, we can no longer add/assign tokens/licenses to new users. Is there a way to reclaim expired tokens, and are tokens equal to licenses? Is there any adverse effect if I export tokens and users? I want to compare to accounts that are active in AD. Again, I am new to RSA and have zero training.

JayGuillette
Apprised Contributor

A user counts against the active user license limit if they have a token, including on-demand tokens, if they are enabled for Risk Based Authentication, or if they have a Fixed Passcode assigned, but they can only count once against the limit even if they have 3 tokens assigned. So you need to identify who counts.

If your users are in an external Identity Source, like Active Directory, run a clean-up, either now or scheduled.

[Screenshot: SC-Setup-IdentitySource-CleanUp.png]

If users have been removed from AD, the clean-up job will find the tokens assigned to ex-employees and return them to available and lower your active user count.

Another approach would be to manually look through Security Console - Identity - Users - Manage Existing, and identify users who no longer need tokens.

Running a report on users with tokens could help too.

Thanks Jay, we ran that this morning. We were only able to delete one user.

EdwardDavis
Employee

Hello,

License count

Describes the total number of users on the system that can be assigned a way to authenticate.

This typically never expires.

Tokens

Tokens have seed records that do expire. You cannot reuse a token that has expired. If it is a software token, you can purchase new unexpired token seeds, and use these new expiration dates to extend the lifetime of the old software tokens that did expire. Or simply assign them as new tokens.

If all your tokens have expired, and you are caught without new tokens to assign, you can still have users authenticate by assigning them fixed passcodes. However, fixed passcodes are not 2-factor; they are 1-factor (essentially a password you know, and if you have another password such as Active Directory, that is considered 1-factor as well). So you can assign fixed passcodes as an emergency measure so that users are not completely unable to access a resource while you wait for new tokens to arrive, but it is considered single factor and does not meet any security policy or regulation that requires 2-factor in the definition of 'something you have (the token only you possess) and something you know (the memorized PIN for that token)'. Two single factors (fixed passcode and an Active Directory password) do not sum to true 2-factor.

StevenSpicer
Valued Contributor

If you're worried that you might be running out of available tokens, you can check Token Statistics on the Home Page of the Security Console to get a table of your tokens and their availability. Also on the Home Page is a link to License Status, which will show you the type of license, the number of allowed users-with-authenticators and how many such users there are. You might simply need to buy more tokens, or a larger license.

_EricaChalfin
Employee (Retired)

Rene Hernandez,

Were you able to resolve your issue or do you need additional assistance?

Regards,

Erica


Hi Erica,

I still need assistance, just have not had time to schedule a webex.

Hi Erica,

We just received our new license xml file; however, the version does not match the version we are on. License version 8.4, we are on 8.2 p 05.

<attachments deleted>


Rene Hernandez,

I removed your screen shots for security purposes. We recommend against posting PII on a public forum.

In this case, I would recommend that you install Authentication Manager 8.4 on your servers using the 8.4 license you received.

Regards,

Erica
