Import SafeNet tokens

Tokens can be added to inventory by importing their seed files:

• RB, KT, and eToken PASS seed files can be regenerated, if necessary, as described in Initialize hardware tokens

• Other OTP token type seed files cannot be regenerated

By default:

• Token templates force a user-selected PIN on imported tokens

• GOLD/eTokens do not have PINs, unless their token template policy is changed

Import will fail for tokens with a serial number that already exists in the Virtual Server. Token seed records can be re-imported after duplicates are removed from the Virtual Server inventory. The maximum file size is 10 Mb.

1. On the SAS console, select Tokens > Import SafeNet Tokens.

   

2. Click Browse and browse to the file location.

3. Double-click the file to be imported (maximum file size = 10 Mb).

   The file name displays in the Choose File field.

4. Click Choose File. The file name displays in the Selected File field.

5. (For xml files only) SAS prompts for a password. Type your password in the field provided.

6. Click Import. SAS displays the result (for example, a list of the tokens that were added).

7. (Optional) Click Save Log to save the import results to your default web browser Download folder.

   An example of the import results log follows:

   * The following tokens have been successfully added:
   Total: 2 tokens added.
   Token: 1, Serial: GAKT00040D6D, Type: eToken
   Token: 2, Serial: GAKT00040D6E, Type: eToken
   The following tokens already exist.
   
   Total: 2 tokens exist.
   Token: 1, Serial: GAKT00040D6F, Type: eToken
   Token: 2, Serial: GAKT00040D71, Type: eToken
   

8. Click the Tokens module. The Search section displays.

9. Select eToken from the drop-down menu in the Token Type field.

10. Click Search. A list of the search results displays.

    

11. Click a Serial # from the Token List. SAS displays details about the token.

Configure the window size for a time-based token’s first authentication

You can configure an expanded evaluation window (maximum value = 300) that applies only to the first authentication attempt after a token record is imported - to adjust for token drift - so that the time-based tokens can be conveniently synchronized. Subsequent authentication attempts with the tokens will be restricted to the Inner window (maximum = 10) and Outer window (maximum = 100) values. See Token synchronization for information about inner and outer windows.

1. On the SAS console, select Policy > Token Policies > Synchronization. The Synchronization section displays.

2. Type a value in the First authentication time-based OTP window size field.

   The recommended size for a first-authentication time-based OTP window is 200. A too-small value will result in unexpected challenges for additional authentication from SAS. A too-large value may reduce the security of your authentication process.

3. Click Apply to save your changes.

   If multiple first-authentication attempts fail, verify that the First authentication time-based OTP window size is set correctly. Next, to reset the affected tokens, delete them from SAS and re-import the file with the tokens.