AnsweredAssumed Answered

Soft Token Distribution Queries Specific to CTF URL and .SDTID methods

Question asked by Kanoj Dhamodharan on Oct 16, 2018
Latest reply on Oct 17, 2018 by Edward Davis

Hi 

 

We are using AM 8.2 version, We are in phase of migrating from Hardware to soft tokens. We want to distribute soft tokens, We need to restrict the Soft token Import on multiple devices. We know this can be achieved by providing the Device ID when distributing the token, however we cannot collect Device ID/ Mobile OS info of all users as the volume is very high. Note: We don't want the CT-KIP method as we don't want to publish the SSC.

 

Question 1: So if we go with CTF method, Is there a Global setting in RSA AM which restricts the token usage only on one device?, as we know there is no direct communication between the mobile app and the server, we want RSA AM to identify the device ID when the first authentication with the token happens from the first device it should save the Device ID for that token and will allow authentication only from that device going forward. Is this mechanism is available?

 

Question 2: If we go with SDTID Method, can this file can be opened with the IOS and ANDROID token application? is this functionality is supported in OLD and latest SecurID Soft Token Applications versions? any specific version which has issue opening this file? Similarly as mentioned in the question 1, can we restrict the token usage on only one device?

 

Question 3: As we don't know mobile OS of these users we want to do Distribution of Tokens with device type as Generic, we assume by choosing this option the same token can be installed on IOS , ANDROID or ANY.

                   

            Can we use Device type Generic + CTF URL method in software profile? does this combination works? and the  token can be imported on any mobile OS?

                         

             or Only device type Generic + .SDTID method combination is allowed?

 

Question: 4    As per the below articles the bulk distribution can be done through GUI,

Distribute Multiple Software Tokens Using Compressed Token Format (CTF) 

Distribute Multiple Software Tokens Using File-Based Provisioning 

 

In case if we mange to get Device IDs from users and if we distribute tokens in bulk, how do we map the device ID against the Tokens selected?

 

From article it says,

 

Step 4. In the DeviceSerialNumber field, do one of the following:

  • To bind the token to the device class, leave the default setting.

  • To bind the token to a specific device, clear the field and enter the device ID you obtained from the user.

 

Question: How do we bind the specific device for each token i have selected? i have been given only one box for device ID.

Example: I have option to select range of token and i have selected 50 tokens , but the binding device ID box shown to me is just one, I should have 50 binding boxes one against each token.  Should I use the Binding ID like below in same box?,

 

Eg: Hetndk3niddldmdjkdssrhfnf; nkmmfldmdmsmnnbjdndnddl; nndndnsheurnhndddmllsndmd

Outcomes