Bulk assign third-party tokens
The tokens must exist in inventory prior to using this module.
This module is available to Virtual Service Provider and Subscriber accounts and allows tokens from various manufacturers to be managed by SafeNet Authentication Service. Tokens are automatically bound to an existing UserID in SafeNet Authentication Service if the token import record contains a matching UserID. If the import record does not include a UserID, the token is imported and placed in inventory.
The token records must be added to your token inventory by your Service Provider. Your Service Provider will require a file containing a record for each token.
Importing SecurID tokens is not available to Virtual Service Provider or Subscriber accounts. Third-party OATH tokens can be imported into SafeNet Authentication Service, however, these must be converted to a special . btk format prior to import. Contact Thales for instructions.
RADIUS tokens can be used with any token type, including RSA/SecurID, provided the third-party authentication server will accept authentication requests via RADIUS from SAS.
-
Create a third-party token import file.
This file must be comma delimited file (.csv) and contain a record for each token being imported. Each record must be in the following format:
SerialNumber,yyyy/mm/dd
Note the leading “,”.
The serial Number is 12 characters (pad with leading 0 if necessary).
These tokens will appear in your token inventory when you complete the import process.
-
To automatically bind a specific token to a user during import:
Ensure that the UserID already exists in SAS.
Ensure that a record in the import file contains the corresponding UserID and token serial number. This file must be comma delimited file (.csv). Each record in the import file must be in the format:
UserID,SerialNumber,yyyy/mm/dd
The Serial Number is 12 characters (pad with leading 0 if necessary).
If a UserID is omitted in the import record, the token will be imported and placed in inventory. Although the token can be assigned or provisioned to a user in SAS, care must be taken to ensure that the same token is assigned to the same user in the third-party RADIUS server.
-
On the SAS console, select Tokens > Bulk Assign Third-Party Tokens.
-
Configure the import options as required:
Option Description Token Type
Select RADIUS .
Select the container from which token inventory should be allocated. The Default container holds all tokens unless additional containers have been created and inventory has been added to them.
Use containers to segregate imported tokens that will be allocated to Subscriber Accounts.
Import File
Select the file containing the tokens to be imported.
-
Select Import to import tokens from a selected file into inventory. By default, the imported tokens do not have PINs unless their token template is changed.
Import will fail for tokens that have a serial number that already exists in the Virtual Server. Token seed records can be re-imported after duplicates are removed from the Virtual Server inventory. The maximum file size is 10 Mb.
-
To store the provisioning results (also displayed on the import token UI) to the default web browser download folder, select Save Log As.
Note
- Typically, OATH-compliant tokens work fine with SAS. However, support can only be provided on a best effort approach as long as the 3rd party tokens have not been fully validated. You may be instructed to work with the token vendor for a resolution. For SAS Cloud: All 3rd party token seed records must be provided to Thales for import into SAS Cloud.
- For SAS PCE: All token seed records (except those in XML format) must be provided in an unencrypted format and converted to .btk file format by Thales. XML token seed records can be imported directly.