With a new software token profile, users can request an RSA SecurID software token from the Self-Service Console. The request is sent to the workflow process as a pending request, if approval is required. Once the request is complete, the token is in the enabled state, which requires activation by the user.
With a modified software token profile which has associations with other tokens, the user is required to perform an additional task because the token is sent in the disabled state.
Users can request a token from the Self-Service Console. The request is pending a work flow process if the approval is required. The request is completed in the Self-Service Console and the token is in a disabled state, which requires an additional task to enable the token manually prior to token activation by the user.
An example email notification to the user is below:
This is functioning as designed that the workflow in RSA Authentication Manager 8.1 does introduce a new step in the provisioning process. However, this new step helps to enhance the security of the token provisioning request.
By requiring an enablement code, it ensures that the token is not distributed in an Enabled state until the user is ready to enable it, either by following the link to Self-Service Enablement in the provisioning email, or by calling the Help Desk.
Here is a workaround to this issue:
Login to the Security Console.
Navigate to Settings > Self-Service Settings.
Under Provisioning, select Manage Authenticators.
Scroll to the Software Token Profiles section
Check the option to Allow users to edit token attribute details.
Uncheckthe option to Allow users to edit token attribute details.
This will take an immediate effect that the token can be assigned to users in an enabled state which eliminates an additional task.