Hi All,
We have a number of tokens expiring Feb 28th. We are in the proces of having users replace their tokens. After a user successfully replaces an expired token and activates the new token, we notice the old token is removed from their profile.
It is what happens to the expiring token after it is removed from their profile that we are concerned with.
Say they do this today, that leaves 2 weeks until 2/28 when the token actually expires. Is the system smart enough to not make that expired token available to be re-issued to a new user? If not, what is the best way to manage that issue in the Security Console?
The system disables the token and puts it in the unassigned pile.
Expired tokens are not automatically selected and assigned.
However an admin can assign expired tokens any time they want to.
You can make the system delete the replaced token from the server, instead of putting it in
the unassigned pile. Once the new token is actually used for the first successful login, old one gets tossed:
setup, system settings, tokens,
If the replacement token has a problem, or otherwise the user has not used it yet, the original token remains active and usable (until it expires).
System will not delete tokens until the new one works.
If by mistake some tokens are deleted that you did not want deleted, you can use the original seed record you have stored in a safe place, and re-import the entire record, and choose to not overwrite duplicates. This will 'fill in the deleted ones' should some get deleted by accident.