AnsweredAssumed Answered

Is there any way to have a token assigned to another user without having them reimport?

Question asked by Tyler N on May 3, 2018
Latest reply on May 7, 2018 by Erica Chalfin

Like • Show 0 Likes0
Comment • 4

Here is the scenario,

1. There is one iPhone that has the RSA app

2. There is one token assigned to the user of that phone

3. The current user leaves the company and the phone is given to the new employee

The current token is assigned to the old employee. Is there any way that the token could be switched to the new employee without having them have to reimport the token?

No one else has this question

Outcomes

4 Replies

Edward Davis May 3, 2018 4:50 PM
Mark Correct
Correct Answer
It can be done with internal database users easily,
and with external identity source users with a few additional actions....

Ouser is old user
Nuser is new user

If the Ouser is in the internal database, you can edit first name/last name/userid and it's done.

If the Ouser is in an external identity source, it can be done this way:
-export Ouser with token
-edit the ldap user search filter to exclude this Ouser so they do not appear on security console
run an identity source cleanup, flush out Ouser in the list of orphaned objects
-import Ouser and token and send to Internal Database

-now edit Ouser in the Internal database to become Nuser
(if you have a userid conflict such as Nuser already exists, break Nuser in the search filter and do
a cleanup on Nuser so they do not exist on the system, then you can do your edits to Ouser)

-export Nuser in internal database with token
-delete Nuser from internal database
Now repair or fix any Ouser or Nuser search filter exclusions in operations console. At a minimum Nuser
must appear in the security console list now, with the [first name/last name/userid] that matches what you created for
Nuser in the internal database earlier.
-import Nuser and token, and point them toward the external identity source.

an example of an exclude filter
(&(objectClass=User)&(objectcategory=person)&(!(sAMAccountName=Ouser)))
Like • Show 2 Likes2
Actions
Tyler N May 3, 2018 6:24 PM
Mark Correct
Correct Answer
Edward,

Thank you for the reply. Would you be able to provide step by step instructions on the first 3 options (exporting user and running clean up) or tell me why I can find that information?
Like • Show 0 Likes0
Actions
Sean Doyle May 3, 2018 6:59 PM
Mark Correct
Correct Answer
Although possible, I would STRONGLY urge you against tampering with the database. Just issue a new token and be done with it. You'll have to clear the PIN anyway since the new users will not know it. Tampering with the LDAP filter or updating SQL tables manually really is not a good idea.. one slip and you could really mess up the system.
1 person found this helpful
Like • Show 4 Likes4
Actions
- Erica Chalfin @ Sean Doyle on May 7, 2018 9:27 AM
  Mark Correct
  Correct Answer
  Sean Doyle,
  
  Thank you for the feedback!
  
  Regards,
  Erica
  Like • Show 0 Likes0
  Actions

Is there any way to have a token assigned to another user without having them reimport?

Outcomes

Related Content

Recommended Content