We use the extendable capability for software tokens to lengthen the time we need to redeploy soft tokens, however for accounting purposes, we don't see a way to enumerate what was done. Is there a way to report on extended tokens?
Ideally we would be able to show users with extended tokens, and what the serial numbers are for the soft tokens that were used to extend it.
When listing tokens, this will be in the columns
If I unassign extended tokens, they will still show the info about being extended and by what ser number:
(in my example the extension token did happen to expire on 2/18/2018, but the original token was expired back in 2014)
However, the reports for software tokens, or users with tokens, only works on expiration date or serial number range, they do not have a field for 'extension token'.
---
More custom information can be had with an SQL query.
This example shows two extended tokens for internal database user ZAZ,
and one extended [and expired] token assigned to ldap user CFITZ,
with some details (there are far more columns available in both am_token and ims_principal_data)
SELECT
am_token.serial_number,
am_token.extension_mode,
am_token.extend_token_sn,
am_token.orig_token_shutdown_date,
am_token.token_shutdown_date,
ims_principal_data.loginuid
FROM
rsa_rep.am_token,
rsa_rep.ims_principal_data
WHERE
am_token.principal_id = ims_principal_data.id
and
am_token.extension_mode = '1';