Manage hardware tokens

Hardware tokens have an Active or Inactive status. Inactive tokens cannot be used for authentication. If a user misplaces their hardware token, you can disable it to reduce the risk of anyone else using it. If the user finds the token later, you can re-enable the token and it can be used again.

Hardware tokens also have an internal clock. The clock's current time is used to generate token code values. Over time, the token and Identity as a Service can become out-of-sync. If this happens, Identity as a Service must be re-synced to the token. Synchronization also happens automatically when a successful token authentication occurs. Only assigned tokens can be synchronized. A token can be synchronized any number of times, but cannot be synchronized to a value prior to the current time step stored in the token.

View assigned and unassigned hardware tokens and token details

1. Click > Resources > Tokens. The Tokens page appears.

2. Click Assigned to see a list of assigned hardware tokens.

3. Click Unassigned to see a list of unassigned hardware tokens.

4. To set the number of rows on the page, scroll to the bottom of the page.

5. From the Rows per page drop-down list, select the number of rows to display on the page.

6. To move to a new page, on the right-hand side of the page, do the following as required:

● Click > to go to the next page.

● Click < to go to the previous page.

● Click |< to go to the first page.

● To view hardware token details, click the serial number. The Token Details page appears. Click OK to close the page.

Filter hardware tokens for serial number, date, or date last used

1. Click > Resources > Tokens. The Tokens page appears.

2. Click to enable filtering.

3. The Filters dialog box appears.

4. Select your filter options and click Apply.

5. You are returned to the Tokens page. The page displays your filter results.

6. To clear the filter, click again.

7. On the Filters dialog box, click Reset.

Enable, disable, synchronize, or unassign hardware tokens assigned to users

1. Click > Members > Users. The User List page appears.

2. Click the User ID of the user. The User Details page appears.

3. Click the Authenticators tab. The Authenticators page appears.

4. Click to the right of the hardware token that you want to enable or disable. A drop-down list appears.

● Click Disable to disable the hardware token and then click Confirm on the confirmation prompt.

● Click Enable to enable the hardware token and then click Confirm on the confirmation prompt..

● Click Synchronize to synchronize the token. The Synchronize Token dialog box appears.

Do the following:

– Power on the user's hardware token, and in the Enter Token Response field enter the token code that appears in the Token Response field.

– Click Synchronize. The hardware token is now synchronized with the server and ready for use.

● Click Unassign to unassign the hardware token from the user and then click Unassign. The hardware token is removed from the user's list of authenticators.

Delete a hardware token assigned to a user

You can delete authenticators assigned to users. For example, you might want to delete a token if the token is not performing authentications successfully or if the token has expired. A hardware token can be deleted by deleting the token's data file. If the wrong data file is accidently deleted, the token can be uploaded again by uploading the token's data file to Identity as a Service. See Import hardware tokens for more information.

Delete a user authenticator

1. Click > Members > Users. The Users List page appears.

2. Click the User ID for the profile you want to edit. The User Profile page appears.

3. Click the Authenticators tab. The Authenticators page appears.

4. Click to the right of the authenticator that you want to delete. A drop-down list appears.

5. Click Delete. A Delete token confirmation window appears.

6. Click Delete to delete the authenticator from the user's account and list of authenticators.

This option enables you to edit a soft token label. This is useful is you have multiple hardware tokens or want to replace a serial number with an easy to remember label.

Edit a token label

1. Click > Members > Users. The Users List page appears.

2. Click the User ID for the profile you want to edit. The User Profile page appears.

3. Click the Authenticators tab. The Authenticators page appears.

4. Click to the right of the authenticator. A drop-down list appears.

5. Click Edit. An Edit Label dialog box appears.

6. Enter a label for the token and then click Save.