I feel like I'm missing something obvious here - but how do I set up self-service to use the newest software tokens first (with the furthest expiration dates) instead of assigning out the oldest tokens that are about to expire?
You can do this by using security domains. These are just administrative constructs or containers.
Create a new security subdomain below systemdomain.
Put your users in it.
(on the list of users you check off the users to move and pick the top dropdown and 'Move to security domain')
Put your new tokens in it. Keep the old tokens out of it.
(on the list of unassigned tokens you check off the tokens to move and pick the top dropdown and 'Move to security domain')
Then users will only be able to request tokens in their own security domain.
It is not clear to me.
Moving users to another security domain if their tokens are expiring doesn't seem logical to me.
More logical is to exclude tokens from self-service.
I have the following problem.
About 30000 users have to replace their tokens in the coming months.
The check box "delete token when replaced" is on.
The service desk is assigning and unassigning soft tokens as well.
The unassigned tokens (which are about to expire) are automatically assigned by the self-service portal.
Correct me if I am wrong: if a soft token is unassigned from the user, it will stay in the same security domain and will be available again for the self-service portal.
Hi Edward Davis
I have 3 domains - SystemDomain, SecurID_Native, and Expiring Tokens. Even with tokens and users (my standard account) in SecurID_Native, I was still assigned expiring tokens from both SystemDomain and Expiring_Tokens.
Also - If I move a user account or an assigned token to a new security subdomain, does it break authentication?