Here is the scenario:
1. There is one iPhone that has the RSA app
2. There is one token assigned to the user of that phone
3. The current user leaves the company and the phone is given to the new employee
The current token is assigned to the old employee. Is there any way that the token could be switched to the new employee without them having to reimport the token?
It can be done with internal database users easily, and with external identity source users with a few additional actions...
Ouser is the old user
Nuser is the new user
If the Ouser is in the internal database, you can edit first name/last name/userid and it's done.
If the Ouser is in an external identity source, it can be done this way:
- Export Ouser with token.
- Edit the LDAP user search filter to exclude this Ouser so they do not appear on the Security Console.
- Run an identity source cleanup, flush out Ouser in the list of orphaned objects.
- Import Ouser and token and send to the Internal Database.
- Now edit Ouser in the Internal Database to become Nuser.
  (If you have a userid conflict such as Nuser already exists, break Nuser in the search filter and do a cleanup on Nuser so they do not exist on the system, then you can do your edits to Ouser.)
- Export Nuser in the Internal Database with token.
- Delete Nuser from the Internal Database.
- Now repair or fix any Ouser or Nuser search filter exclusions in the Operations Console. At a minimum Nuser must appear in the Security Console list now, with the [first name/last name/userid] that matches what you created for Nuser in the Internal Database earlier.
- Import Nuser and token, and point them toward the external identity source.
An example of an exclude filter:
(&(objectClass=User)(objectcategory=person)(!(sAMAccountName=Ouser)))
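
The exclude-and-repair steps from the answer above, as an added example that is not part of the original posts and is not RSA tooling: it appends a per-user exclusion to a search filter in RFC 4515 form (clauses inside `(&...)` follow one another without a repeated `&`), escapes reserved characters in the userid, and removes the clause again for the later "repair" step. The helper names and the `BASE_FILTER` constant are assumptions made for illustration.

```python
# Added example; helper names are hypothetical, not RSA tooling.
# Base filter taken from the post, without the exclusion clause.
BASE_FILTER = "(&(objectClass=User)(objectcategory=person))"


def escape_value(value):
    """Escape the characters RFC 4515 reserves inside an assertion value."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def exclusion_clause(userid, attr="sAMAccountName"):
    """Build the (!(attr=userid)) clause for one user."""
    return "(!(%s=%s))" % (attr, escape_value(userid))


def add_exclusion(search_filter, userid):
    """Return the filter with userid excluded; no-op if already excluded."""
    clause = exclusion_clause(userid)
    if clause in search_filter:
        return search_filter
    if search_filter.startswith("(&") and search_filter.endswith(")"):
        # Append inside the existing AND group.
        return search_filter[:-1] + clause + ")"
    return "(&%s%s)" % (search_filter, clause)


def remove_exclusion(search_filter, userid):
    """Undo add_exclusion when repairing the search filter afterwards."""
    return search_filter.replace(exclusion_clause(userid), "")


def is_balanced(search_filter):
    """Cheap sanity check before pasting a filter into a console."""
    depth = 0
    for ch in search_filter:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0


if __name__ == "__main__":
    excluded = add_exclusion(BASE_FILTER, "Ouser")
    print(excluded)
    print(remove_exclusion(excluded, "Ouser"))
```
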