This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by SecurID experts.

RSA SecurID software token is distributed in a disabled state when requested with modified software token profiles via the Authentication Manager Self-Service Console

Article Number

000031688

Applies To

RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1

Issue

With a new software token profile, users can request an RSA SecurID software token from the Self-Service Console.  The request is sent to the workflow process as a pending request, if approval is required.  Once the request is complete, the token is in the enabled state, which requires activation by the user.
 
Image descriptionImage description
 
With a modified software token profile which has associations with other tokens, the user is required to perform an additional task because the token is sent in the disabled state.
 
Image descriptionImage description


Users can request a token from the Self-Service Console.  The request is pending a work flow process if the approval is required.  The request is completed in the Self-Service Console and the token is in a disabled state, which requires an additional task to enable the token manually prior to token activation by the user.

An example email notification to the user is below:
Image descriptionImage description

Resolution

This is functioning as designed that the workflow in RSA Authentication Manager 8.1 does introduce a new step in the provisioning process.   However, this new step helps to enhance the security of the token provisioning request.  

By requiring an enablement code, it ensures that the token is not distributed in an Enabled state until the user is ready to enable it, either by following the link to Self-Service Enablement in the provisioning email, or by calling the Help Desk. 

Workaround

Here is a workaround to this issue: 
  1. Login to the Security Console.
  2. Navigate to Settings Self-Service Settings.
  3. Under Provisioning, select Manage Authenticators.
  4. Scroll to the Software Token Profiles section 
  5. Check the option to Allow users to edit token attribute details.
  6. Click Save
  7. Uncheck the option to Allow users to edit token attribute details.
  8. Click Save
This will take an immediate effect that the token can be assigned to users in an enabled state which eliminates an additional task.
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2020-12-12 11:00 PM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.