Can you add more tokens even the "Users with Assigned Authenticators" limit was reached?
Our license limit is 2660, and our actual count is now 2292 - Limit Reached. If we upload additional SecurID software tokens, will our limit change? Or how does it works? Do we need to get a new license along with new tokens?
- Auth Manager
- Authentication Manager
- Community Thread
- Forum Thread
- RSA Authentication Manager
- rsa secuid software token
- RSA SecurID
- RSA SecurID Access
You can add as many users as you want, and install as many tokens as you want, no limits.
What is limited by the license is: how many users you can match up and assign an authenticator to.
The only thing that takes 1 off the license is a [user with a token assigned] (or fixed passcode, or on-demand...anything that can be used to authenticate].
Example: I have a 2000 user license, but can have 10,000 users and 10,000 tokens, but only 2000 people can have tokens assigned at the same time. Fixed passcodes also go against the license count.
A user can have more than one token assigned and this only takes up 1 off the license...a user with 3 tokens and on-demand and a fixed passcode is 5 authenticators, but only 1 off the license.
NOTE: If you had tokens assigned to people in AD or LDAP, and you did not unassign the token and lets say they left the company and are removed from AD...the Auth Manager server will still eat up a license slot as the token is still assigned to 'unknown' and userid is hidden in the database. You can run an 'identity source cleanup job' and this will free up those tokens and free up license slots. The idea is the system does not know the reason the user is missing, and it could just be a network outage...so for missing AD users, you cannot see the user, but the data and tokens assigned are not removed, in case the issue is resolved (if a network outage or AD problem) the user will pop back in with the same token and pin and whatnot.
If you must assign tokens to more users, I'd first suggest reviewing your deployment to see if there are people with tokens assigned who do not need them anymore. If you unassign a token from one user, it is then available to assign to someone else.
If you cannot unassign tokens, please contact your RSA sales rep or your reseller to discuss a license upgrade, which will allow you to assign tokens to more users. Depending on how many unassigned tokens you have in your pool, you may also want to purchase more tokens.
If you must assign tokens to more users than normal because of a temporary issue, such as COVID-19, you should ask about our Business Continuity Option. Take a look at the blog post on https://community.rsa.com/community/products/securid/blog/2020/03/06/protection-and-peace-of-mind-during-a-time-of-business-disruption for more information.