Is there a way to remove a user from next tokencode mode without having to get on the phone with the user?
I have moved this thread to the RSA SecurID Access page so that you can get an answer to your question.
There is a utility you can use from the AM server command line to reset next tokencode mode for any number of tokens you want or for all of them. However, please note that next tokencode mode is sometimes needed to re-synchronize the token when having a slight time difference from the server, so you should keep it unless necessary.
To use the utility you can follow the below steps:
1- Open an SSH session to the AM server.
2- Run the below commands to move to the utilities directory:
# cd /opt/rsa/am/utils/
3- To reset next tokencode mode for ALL tokens use the below command:
# ./rsautil sync-tokens -u <super admin user ID> -p <super admin password> -o <output file path> -a -n
e.g.:
# ./rsautil sync-tokens -u superadmin -p 'pa$$W0rd' -o /tmp/out.txt -a -n
4- To reset next tokencode mode for SOME tokens, you will first need to create a file on the AM server with all serial numbers of tokens you need to reset, each on a new line, as shown in the below example:
# cat /tmp/tokens
000113474499
000113474500
000113474501
Then you need to run the below command:
# ./rsautil sync-tokens -u <super admin user ID> -p <super admin password> -o <output file path> -f <path of token file> -n
e.g.:
# ./rsautil sync-tokens -u superadmin -p 'pa$$W0rd' -o /tmp/out.txt -f /tmp/tokens -n
Please check and let me know if this meets your requirements.
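A pre-check for the serial list used in step 4, added here as an example; it is not part of the reply above or of RSA's tooling. It assumes serials are 12 decimal digits, as in the sample /tmp/tokens listing, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not RSA code. Assumption: token serials are 12 decimal
# digits, as in the sample /tmp/tokens listing in the post.

# validate_token_file IN OUT
# Copies valid serials from IN to OUT (CR and surrounding blanks stripped,
# blank lines skipped, duplicates dropped). Rejected lines go to stderr.
# Returns 0 if every non-blank line was valid, 1 if any line was rejected,
# 2 if IN is unreadable.
validate_token_file() {
    [ -r "$1" ] || { echo "cannot read: $1" >&2; return 2; }
    awk '
        { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        $0 == "" { next }
        length($0) != 12 || $0 ~ /[^0-9]/ {
            printf "line %d: not a 12-digit serial: %s\n", NR, $0 > "/dev/stderr"
            bad = 1
            next
        }
        !seen[$0]++ { print }
        END { exit bad + 0 }
    ' "$1" > "$2"
}

# reset_listed_tokens ADMIN_ID TOKEN_FILE REPORT
# Validates TOKEN_FILE, then runs the sync-tokens command from step 4 with
# the cleaned list. The password is read without echo so it stays out of
# shell history; it is still passed with -p as in the post, so it remains
# visible in the process list while rsautil runs.
reset_listed_tokens() {
    clean=$(mktemp) || return 2
    if validate_token_file "$2" "$clean"; then
        printf 'Password for %s: ' "$1" >&2
        stty -echo; IFS= read -r pw; stty echo; echo >&2
        (cd /opt/rsa/am/utils &&
            ./rsautil sync-tokens -u "$1" -p "$pw" -o "$3" -f "$clean" -n)
        rc=$?
    else
        echo "refusing to run rsautil: fix $2 first" >&2
        rc=1
    fi
    rm -f "$clean"; unset pw
    return $rc
}
```
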
Well, you can fix the symptom of Next token code mode by the following:
1. Log in to the Security Console > Users > Locate the user with problems > Click on the arrow beside the user to open the context menu > Authentication Settings > Check the "Clear incorrect passcodes" check box > Save. That should remove all his tokens from next token-code mode.
However, this will not fix the cause of it. If it's just due to typing mistakes of the token code more than once, then he should be ok on the next login. However, if his token is out of sync, then he will keep failing authentication till he hits next-token code mode again. At that point you need to re-synchronise his token from the Security Console.