CA Identity Manager Connector Guides › Connectors Guide › Connecting to Endpoints › RSA ACE (SecurID) Connector › Connector Specific Features › Token Management

Token Management

The Token management features of the RSA Connector let users view and manage RSA Tokens and simulate suspending RSA accounts through a global user or Token properties.

RSA Tokens Property Sheet

The RSA Tokens property sheet lets you view a token's details and initiate operations on the token. The following property pages apply to RSA tokens:

• Token Profile
• Token Operations

Tokens Profile Tab

The Tokens Profile tab is a read-only page that displays the following details of a token:

• Serial Number
• Token Type
• Assigned...to..
• Enabled
• Lost
• New PIN Mode
• Expired
• Replacement Status

Token Operations Tab

The Token Operations tab is used to initiate operations on a token.

Note: Operations are initiated on a single token at a time.

Using this tab, you can initiate the following operations:

Enable Token

Enables the token.

Disable Token

Disables the token

Set New PIN Mode

When the Set New PIN operation is selected, you can check the Clear PIN check box to clear the token immediately. A new PIN is assigned the next time you log in with your token code only.

If the Clear PIN check box is not checked, the PIN is cleared the next time you log in with your current PIN and token code.

Set Emergency Mode Off

Sets the emergency mode to off.

Set Emergency Mode On

When the set emergency mode operation is selected, you can specify the temporary password to be used, how long the emergency access mode is to last, and that the token is not automatically declared lost during the emergency access mode.

Set Replacement Mode

When the replacement mode operation is selected, you can search for a replacement token from all the available tokens or narrow the search by specifying specific attributes to search.

Enable a Token

Perform this procedure to run the enable token operation.

From the Token Operations Tab

1. Select Enable Token from the Operation field drop-down list.
2. Click Apply/OK to enable the token.

   The enable token operation is performed.

Disable a Token

Perform this procedure to run the disable token operation.

From the Token Operations Tab

1. Select Disable Token from the Operation field drop-down list.
2. Click Apply/OK to disable the token.

   The disable token operation is performed.

Set Emergency Mode Off

Perform this procedure to run the set emergency mode off operation.

From the Token Operations Tab

1. Select Set Emergency Mode Off from the Operation field drop-down list.
2. Click Apply/OK to turn emergency mode off.

   The set Emergency Mode Off operation is performed.

Set New PIN Mode

Perform the following procedure to run the set new PIN mode operation.

From the Token Operation Tab

1. Select Set New PIN Mode from the Operations field drop-down list.

   The Set New PIN Mode controls are activated.

2. Check the Clear PIN check box if the PIN for the token is to be cleared immediately.

   A new PIN must be assigned the next time you log in with your token code. Your current PIN will not work.

   If the Clear PIN check box is not checked, the PIN is cleared when you log in again with you current PIN and token code.

3. Click Apply/OK to put the token into new PIN mode.

   The Set New PIN Mode operation is performed.

Set Emergency Mode On

Perform the following procedure to run the set emergency mode on operation.

From the Token Operation Tab

1. Select Emergency Mode On from the Operations field drop-down list.

   The Set Emergency Mode On controls are activated.

2. Enter the temporary password in the Temporary Password field to be used during the emergency operation.
3. Enter the length in the Life time field, in hours, that the emergency mode will be in effect.
4. Check the Auto not lost check box if the token should not be declared lost during emergency mode. If the check box is not selected, the token will be declared lost during the emergency operation.

   Note: Auto not lost is only available for RSA 6.1 or higher.

5. Click Apply/OK to turn Emergency Mode on.

   The Set Emergency Mode On operation is performed.

Set Replacement Mode

Perform the following procedure to run the set replacement mode operation.

From the Token Operation Tab

1. Select Set Replacement Mode from the Operations field drop-down list.

   The Set Replacement Mode Operations controls are activated.

2. Check the Keep Current Pin check box if the replacement token should be given the same PIN as the token being replaced. Leave this check box unchecked if the replacement token should start in new PIN mode.
3. Search for the available tokens by clicking the Search button to list all of the available tokens or specify the seed size, token type, and serial number to narrow the token search.

   The available tokens appear in the Available Tokens List Box.

4. Select a token from the Available Tokens list box and click the Add (>) button to add the token to the replacement serial number field.
5. Click Apply/OK to perform the selected replacement.

   The Set Replacement Mode operation is performed.

Suspending and Resuming RSA Accounts

The RSA Connector can simulate account suspension by removing all tokens from an account. This approach restricts a user’s ability to access the system. Resumption of an account is implemented by re-assigning tokens to an account. Two following two attributes are included in the connectors account class:

• eTSuspensionState
• eTPreSuspensionState

If these two attributes are defined, the following requests on an RSA account are affected:

• Account Search
• Account Modify
• Account Suspend
• Account Resume