Entrust Identity as a Service™ Administrator Help
Click here to see this page in full context

Report errors or omissions

  1. Home >
  2. Perform bulk operations >
  3. Bulk assign authenticators

 

Bulk assign authenticators

Use this procedure to assign Entrust Soft Token (ST), Google authenticators, grid cards, hardware tokens, or passwords to multiple users on your Identity as a Service account. When performing a bulk assign soft token operation, the following occurs:

Users with an existing ACTIVE or INACTIVE version of the authenticator are not assigned new ones.

Users with soft tokens with an ACTIVATING status are assigned a new version of that token.

Entrust Soft Tokens and Google authenticators are assigned in an ACTIVATING state. Users must activate their tokens.

When bulk assigning grid cards, note the following:

Grid cards are assigned in a PENDING state. The first time the user successfully authenticates with the grid card, the card state changes to ACTIVE.

If the CSV file contains just a userId column, the bulk operation generates and assigns a grid card to each user in the file.

If a Serial Number (or serialNumber) is blank or the header does not exist, the card is generated as an unassigned card.

If a user is listed multiple times in the CSV file, the bulk assign operation assigns the user multiple grid cards until the maximum grid card per user setting is reached.

If a user does not exist in Identity as a Service, then the row fails to be processed and is skipped and the bulk operation continues to process the remaining rows in the file.

When bulk assigning hardware tokens, note the following:

Hardware tokens are assigned in an ACTIVE state.

The CSV file requires both a serialNumber and a userId header.

CSV file format requirements

The header row in your CSV file contains only one column with userId as the value.

The following is a sample CSV file to help you get started:

userId
user1
user2
user3
user4

Tip: You can export a user list from the Users List page to use for bulk assign authenticators operation. Select the User ID as the only attribute to include in the file. See View, search, and export user list.

The following is a sample CSV file for bulk grid card assignment and hardware token authenticators with a Serial Number header:

userId,serialNumber
user1,1234567
user2,2345678
user3,3456789
user4,1235679

Download a sample file with a userId column heading: AssignAuthenticators.csv

Download a sample file with both userId and serialNumber column headings: AssignSerialNumberAuthenticators.csv

Assign authenticators attributes

The following table summarizes supported Identity as a Service assign authenticators attributes.

Table: Bulk assign authenticators

Attribute

Header Value

Required
User ID User ID   

This is the user ID of the user.

userId

Yes

Table: Bulk assign grid card authenticators with a serial number

Attribute

Header Value

Required
User ID User ID    

This is the user ID of the user.

userId

Yes
Serial NumberSerial Number

The serial number of an existing, unassigned grid card.

Serial Number (or serialNumber)

No

Table: Bulk assign hardware token authenticators with a serial number

Attribute

Header Value

Required
User ID User ID     

This is the user ID of the user.

userId

Yes
Serial NumberSerial Number

The serial number of an existing, unassigned hardware token.

Serial Number (or serialNumber)

Yes

Once the bulk assign is complete, the authenticators are automatically assigned to the users.

Assign authenticators in bulk

How to assign authenticators in bulkHow to assign authenticators in bulk

Click > Bulk Operations. The Bulk Operations page appears.

Click . The Add Bulk Operation page appears.

From the Actions drop-down list, select Assign.  

From the Operations drop-down list, select the file you want to import. The options include:

Entrust Soft Tokens

Google Authenticators

Grid Cards

Hardware Tokens

Passwords

If you select Passwords from the Operations list, optionally, select Change is Required on Next Usage to automatically prompt each user to change their password the first time it is used.

Set the Maximum Number of Retries to the number of retries the bulk operation can attempt if the bulk import is not immediately successful. The default value is 5. This setting prevents an endless number of retry attempt if the operation fails.

Enter a unique Name that identifies the operation in the Bulk Operations List page.

Enter a Description so that other users can understand the purpose of the operation.

Optional. Copy or download the same bulk file and modify it as required. (Available for hardware tokens only).

Click Initiate. The File to upload page appears.

Click the checkered box and browse to select your bulk assign file and click Open.

Click Upload. The Start/Stop page appears.

Click Start. When the upload completes, a Finished prompt appears.

Click Finished. You are returned to the Bulk Operations List page. Your bulk operation appears in the list. You can verify the status of the bulk operation.

To see a summary of the upload, click to view the details of the bulk operation, including any error information.

Click in the Refresh column to refresh the status of a bulk operation. This option appears only when a refresh is available.

The authenticator you selected for this operation is assigned to those who did not already have one. If Entrust ST or Google authenticators are assigned, users receive an email with instructions to configure the authenticator for use. If passwords are assigned, users receive an email with their new password.