This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
DiegoPozzi
Beginner
Beginner
‎2020-06-19 02:14 PM

Bulk Token distribution based upon specific s/n token list

Hi I'm Diego, from Italy,

actually not network administrator of our system but I have access to the RSA console.

 

Currently we are migrating our phones in bulk and need to distribute the tokens for our users.

We have to distribute one token at time from the RSA console, searching the s/n or the user surname and then proceeding to distribute. Unfortunately we have more than 5000 users to distribute and they comes in random order so the token are random and not in crescent or decrescent scale.

 

I've found the bulk distribution seed based:

 

seed.png

 

In this distribution procedure we can set up some parameters but there is no way to pass the exact token list via *.csv or somehow else.

 

ranges.png

 

the only option is ranges, but we prefer to avoid the random ranges because for examples the tokens I have to distribute next monday, and they are 76, have a range of 4207 tokens betweens them!


During our test we verified that when an iOS token is distributed, if it is still active on phone it still works (if it was previusly activated) and there is no problem doing that, if our user will change the phone will be able to import the token otherwise the distribution time will naturally ends 7 days later. But usually we proceed a token at time. We are all in smartworking due the covid-19 Emergency and the idea that all our users may be unable to connect due the massive token failure on our phones is stopping us to use this bulk distribution way and literally we are doing a non sense work distributing one tokens at once. There is absolutely no way to pass to the console a *.csv with the exact list of tokens we need do distribute?

 

 

Thanks for your attention


Diego

Labels (1)
Labels
0 Likes
Reply
6 Replies
DiegoPozzi
Beginner
Beginner
‎2020-06-19 02:25 PM

This article won't answer my question: https://community.rsa.com/docs/DOC-77344

0 Likes
Reply
EdwardDavis
Employee
Employee
‎2020-06-19 04:09 PM

You can use Security Domains for this.

 

example:

I have over 2000 software tokens in SystemDomain, I don't want to bulk distribute all of them, only 98 specific ones.

The bulk token job screen would take too long to sort out serial numbers and what I want to export...so I use the Securid Tokens list page and it's search options, to pick and choose which ones move to a System Subdomain.

 

pastedImage_2.png

 

I will use the -report-dom domain in my example below. 

 

I go to the Securid Tokens list and use search options to pick and checkmark which tokens I want, and move them to a subdomain.

In this screenshot you can see two tokens checked off, and the top dropdown shows Move to Security Domain.

[I ended up picking and moving 98 tokens to -report-dom subdomain.]

 

pastedImage_1.png

 

 

 

Now once all tokens I am concerned with are in the subdomain, I can bulk distribute ALL but only from -report-dom
pastedImage_1.png

 

Now, I have the 98 tokens I previously moved to that subdomain in the bulk distribute job.

 

pastedImage_2.png

 

 

You could make as many subdomains as needed named for the Type of Device (IOS-domain, Android-domain..etc) to make it easier, then move tokens to those domains, and run the bulk token job against the appropriate subdomain and matching software token profile.

Reply
StevenSpicer
Valued Contributor Valued Contributor
Valued Contributor
‎2020-06-22 07:35 AM

The AMBA (Authentication Manager Bulk Administration) utility, available on the command line via rsautil, can accept a csv iist of token serial numbers (and other things) to get your tokens distributed  The documentation is here: https://community.rsa.com/docs/DOC-97710 To run it you need to ssh into the Primary.  You can use the Single Softtoken Deployment operation to deploy already-assigned tokens.

Reply
DiegoPozzi
Beginner
Beginner
In response to EdwardDavis
‎2020-06-23 04:07 AM

Thanks for your suggestion, our network admin told me that in any case you have to select all the users in order to mode to a sub-domain and it's unclear how token will respond later. it's stilla workaround somehow, the AMBA utility seems more the solution unfortunately I can't set the utility in production without the system administrators help.. maybe for the next bulk migration it will be available.

Thans for your kind answer

0 Likes
Reply
DiegoPozzi
Beginner
Beginner
In response to StevenSpicer
‎2020-06-23 04:09 AM

Seems that this is the solution, was hoping in something I can use directly but there is no way that without the admin rights we will able to perform such action.

I hope that for the next bulk migration our system admin will put in production such utility, thanks for your kind answer

0 Likes
Reply
RajaS
New Contributor
New Contributor
In response to DiegoPozzi
‎2021-01-13 06:01 AM

@Diego Pozzi

 

I hope you tried the more criteria option.

 

pastedImage_3.png

 

Either you can mention the Serial no range from and to

 

And choose More Criteria option to choose the Assigned By or Assigned on so it will give you the correct figures which token you'd assigned to the users and you can bulk provision the tokens to the users.

 

Hope i am close to your solution.

0 Likes
Reply
© 2022 RSA Security LLC or its affiliates. All rights reserved.