We have RSA Authentication Manager 8.2 SP1 - I was wondering if there was a "mass change" option for users. For example, if we have a number of users that have expired tokens. Can we disable all these users through a batch update (scripted) process rather than manually changing each status to disabled?
 |
Yes. Auth Manager Bulk Admin (AMBA)
UUD update user data command, has EnableFlag you can set.
True to enable a user account, false to disable the account
| Action | UUD |
| Required Fields | DefLogin or TokSerial |
Optional Fields LastName, FirstName, Email, CertDN, DefShell, DefLogin
(if TokSerial is present), MiscVariable, UserPwd,
IdentitySource, SecurityDomain, EnableFlag
So, a sample csv input file might be (to disable user named bubbles and one named crm114)
Action,deflogin,enableflag
UUD,bubbles,false
UUD,crm114,false
or, more to the point, you can do it by TokSerial instead of DefLogin, and build the input file csv
with Excel, and blast out a range of [token start and end] serial numbers easily (fill/down/series) for the batch that is expired.
Yes. Auth Manager Bulk Admin (AMBA)
UUD update user data command, has EnableFlag you can set.
True to enable a user account, false to disable the account
Optional Fields LastName, FirstName, Email, CertDN, DefShell, DefLogin
(if TokSerial is present), MiscVariable, UserPwd,
IdentitySource, SecurityDomain, EnableFlag
So, a sample csv input file might be (to disable user named bubbles and one named crm114)
Action,deflogin,enableflag
UUD,bubbles,false
UUD,crm114,false
or, more to the point, you can do it by TokSerial instead of DefLogin, and build the input file csv
with Excel, and blast out a range of [token start and end] serial numbers easily (fill/down/series) for the batch that is expired.