Tokens
You can view your registered tokens on the Tokens tab. The token list includes information such as the token type, token state, serial number, container, and user ID.
Token states
View a count of all token types in the account's inventory by state.
- On the SAS console, select Snapshot > Token States.
Token state | Description |
---|---|
Initialize | Tokens that must be reinitialized before they can be assigned or provisioned. |
Inventory | Tokens that are available for assignment or provisioning. |
Assigned | Tokens that are assigned to a user but not yet used to authenticate. |
Active | Tokens that are assigned to users and have been used to authenticate. |
Suspended | The token cannot be used to authenticate until it is reactivated or unlocked by an Operator. It remains assigned to a user. Tokens are usually suspended if there is a security concern, such as a lost or misplaced token. |
Locked | The token cannot be used to authenticate until the unlock policy is triggered or until the token is reactivated by an Operator. This state occurs when a user exceeds the maximum consecutive failed logon attempts threshold. The automatic locking and unlocking of tokens is controlled by the Account Lockout/Unlock Policy. |
Lost / Faulty | This is a state applied by an Operator when revoking a token. Revoked tokens are returned to Inventory in this state where they can be permanently removed or if the token is subsequently found or determined to function properly, it can be reinitialized into the Inventory state. |
Search for tokens
Search for your registered tokens and then manage tokens from the Token List, such as move tokens to a different container, reset the PIN policy, or delete.
-
On the SAS console, select Tokens > Tokens.
-
Enter the search criteria.
Search field Description Token Type Refine the list to a specific type of token. State Refine the list to tokens in a selected state. Serial # Search by partial or complete serial number to find a range or specific token. Container Lists only the tokens that are held in the selected container. -
Select Search.
-
Manage the tokens as required:
-
Move—Select tokens and then click Move to place them in a different container.
-
Reset PIN Policy—Apply the current Server-side PIN policy to the selected range of tokens. This function is not available for tokens initialized with Token-side PINs. Tokens must be in the Inventory state.
-
Delete—Select tokens and then click Delete to remove them from the Virtual Server Inventory. Delete cannot be used with rented tokens. Rented tokens must be deallocated by the Service Provider.
-
User ID—Click to access the user’s record and management functions. The additional Assignment modules display.
-
Serial Number—Click to display the token operating parameters, in-use statistics, organizational ownership, and MobilePASS app details (the target OS, Push OTP state, and the device type). Under Mobile App, the Push OTP field displays only if the push feature is enabled in Policy > Token Policies. If the push feature is enabled, the state of the Push OTP feature is displayed here. The states are:
-
Enabled—Displays if the user has permitted Push OTP notifications on the device.
-
Disabled— Displays if the user has not permitted Push OTP notifications on the device, but the application is push capable (for example, on MobilePASS+).
-
Not Applicable— Displays if the application is not push capable (for example, on MobilePASS 8).
-
-
-
To display token details, select the serial # of the token from the list of search results.
View the token change log
Display the last five token management operations in the Virtual Server. The log displays a row for each token operation that includes the token serial number, the action, a date/time stamp of the operation, the name of the Operator who performed the action, the organization to which the Operator belongs (for example, your organization or service provider), and any comment provided by the Operator.
-
On the SAS console, select Tokens.
-
Do one of the following:
-
Select Tokens and then select Change Log.
-
In the Shortcuts pane, select View Change Log.
-
List locked tokens (shortcut)
A token changes to a locked state when a user exceeds the maximum consecutive failed logon attempts threshold. A locked token can be reactivated by an Operator. The automatic locking and unlocking of tokens is controlled by the Account Lockout/Unlock Policy.
To display details about tokens that are locked due to excessive consecutive failed authentication attempts (State = Locked):
- On the SAS console, select Shortcuts > List Locked Tokens.
List lost tokens
A token is changed to a lost state by the Operator when revoking a token. A revoked token is returned to inventory in this state where it can be permanently removed or, if the token is subsequently found or determined to function properly, reinitialized into the inventory state.
To display details about tokens that have been placed in a lost or failed state by the Operator (State = Lost/Failed):
- On the SAS console, select Shortcuts > List Lost Tokens.
Token Policies
This module allows you to access and configure policies that affect token usage and operation. To navigate to different token policies, select Virtual Servers > Policy > Token Policies.
For more information on each token policy, refer to: