Bulk assign authenticators

Use this procedure to assign Entrust Soft Token (ST), Google authenticators, grid cards, hardware tokens, or passwords to multiple users on your Identity as a Service account. When performing a bulk assign soft token operation, the following occurs:

● Users with an existing ACTIVE or INACTIVE version of the authenticator are not assigned new ones.

● Users with soft tokens with an ACTIVATING status are assigned a new version of that token.

● Entrust Soft Tokens and Google authenticators are assigned in an ACTIVATING state. Users must activate their tokens.

– Grid cards are assigned in a PENDING state. The first time the user successfully authenticates with the grid card, the card state changes to ACTIVE.

– If the CSV file contains just a userId column, the bulk operation generates and assigns a grid card to each user in the file.

– If a Serial Number (or serialNumber) is blank or the header does not exist, the card is generated as an unassigned card.

– If a user is listed multiple times in the CSV file, the bulk assign operation assigns the user multiple grid cards until the maximum grid card per user setting is reached.

– If a user does not exist in Identity as a Service, then the row fails to be processed and is skipped and the bulk operation continues to process the remaining rows in the file.

CSV file format requirements

The header row in your CSV file contains only one column with userId as the value.

Tip: You can export a user list from the Users List page to use for bulk assign authenticators operation. Select the User ID as the only attribute to include in the file. See View, search, and export user list.

The following is a sample CSV file for bulk grid card assignment and hardware token authenticators with a Serial Number header:

Assign authenticators attributes

The following table summarizes supported Identity as a Service assign authenticators attributes.

Once the bulk assign is complete, the authenticators are automatically assigned to the users.

Assign authenticators in bulk

1. Click > Bulk Operations. The Bulk Operations page appears.

2. Click . The Add Bulk Operation page appears.

3. From the Actions drop-down list, select Assign.

4. From the Operations drop-down list, select the file you want to import. The options include:

● Entrust Soft Tokens

● Google Authenticators

● Grid Cards

● Hardware Tokens

● Passwords

5. If you select Passwords from the Operations list, optionally, select Change is Required on Next Usage to automatically prompt each user to change their password the first time it is used.

6. Set the Maximum Number of Retries to the number of retries the bulk operation can attempt if the bulk import is not immediately successful. The default value is 5. This setting prevents an endless number of retry attempt if the operation fails.

7. Enter a unique Name that identifies the operation in the Bulk Operations List page.

8. Enter a Description so that other users can understand the purpose of the operation.

9. Optional. Copy or download the same bulk file and modify it as required. (Available for hardware tokens only).

10. Click Initiate. The File to upload page appears.

11. Click the checkered box and browse to select your bulk assign file and click Open.

12. Click Upload. The Start/Stop page appears.

13. Click Start. When the upload completes, a Finished prompt appears.

14. Click Finished. You are returned to the Bulk Operations List page. Your bulk operation appears in the list. You can verify the status of the bulk operation.

15. To see a summary of the upload, click to view the details of the bulk operation, including any error information.

16. Click in the Refresh column to refresh the status of a bulk operation. This option appears only when a refresh is available.

The authenticator you selected for this operation is assigned to those who did not already have one. If Entrust ST or Google authenticators are assigned, users receive an email with instructions to configure the authenticator for use. If passwords are assigned, users receive an email with their new password.

Attribute	Header Value	Required
User ID This is the user ID of the user.	userId	Yes

Attribute	Header Value	Required
User ID This is the user ID of the user.	userId	Yes
Serial Number The serial number of an existing, unassigned grid card.	Serial Number (or serialNumber)	No

Attribute	Header Value	Required
User ID This is the user ID of the user.	userId	Yes
Serial Number The serial number of an existing, unassigned hardware token.	Serial Number (or serialNumber)	Yes