Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

SAS PCE

Tokens

search

Please Note:

printsuggest an editpdf paneldownload

Tokens

You can view your registered tokens on the Tokens tab. The token list includes information such as the token type, token state, serial number, container, and user ID.

copy link to clipboardToken states

View a count of all token types in the account's inventory by state.

  • On the SAS console, select Snapshot > Token States.

alt_text

Token state Description
Initialize Tokens that must be reinitialized before they can be assigned or provisioned.
Inventory Tokens that are available for assignment or provisioning.
Assigned Tokens that are assigned to a user but not yet used to authenticate.
Active Tokens that are assigned to users and have been used to authenticate.
Suspended The token cannot be used to authenticate until it is reactivated or unlocked by an Operator. It remains assigned to a user. Tokens are usually suspended if there is a security concern, such as a lost or misplaced token.
Locked The token cannot be used to authenticate until the unlock policy is triggered or until the token is reactivated by an Operator. This state occurs when a user exceeds the maximum consecutive failed logon attempts threshold. The automatic locking and unlocking of tokens is controlled by the Account Lockout/Unlock Policy.
Lost / Faulty This is a state applied by an Operator when revoking a token. Revoked tokens are returned to Inventory in this state where they can be permanently removed or if the token is subsequently found or determined to function properly, it can be reinitialized into the Inventory state.

copy link to clipboardSearch for tokens

Search for your registered tokens and then manage tokens from the Token List, such as move tokens to a different container, reset the PIN policy, or delete.

  1. On the SAS console, select Tokens > Tokens.

    alt_text

  2. Enter the search criteria.

    Search field Description
    Token Type Refine the list to a specific type of token.
    State Refine the list to tokens in a selected state.
    Serial # Search by partial or complete serial number to find a range or specific token.
    Container Lists only the tokens that are held in the selected container.

  3. Select Search.

    alt_text

  4. Manage the tokens as required:

    • Move—Select tokens and then click Move to place them in a different container.

    • Reset PIN Policy—Apply the current Server-side PIN policy to the selected range of tokens. This function is not available for tokens initialized with Token-side PINs. Tokens must be in the Inventory state.

    • Delete—Select tokens and then click Delete to remove them from the Virtual Server Inventory. Delete cannot be used with rented tokens. Rented tokens must be deallocated by the Service Provider.

    • User ID—Click to access the user’s record and management functions. The additional Assignment modules display.

    • Serial Number—Click to display the token operating parameters, in-use statistics, organizational ownership, and MobilePASS app details (the target OS, Push OTP state, and the device type). Under Mobile App, the Push OTP field displays only if the push feature is enabled in Policy > Token Policies. If the push feature is enabled, the state of the Push OTP feature is displayed here. The states are:

      • Enabled—Displays if the user has permitted Push OTP notifications on the device.

      • Disabled— Displays if the user has not permitted Push OTP notifications on the device, but the application is push capable (for example, on MobilePASS+).

      • Not Applicable— Displays if the application is not push capable (for example, on MobilePASS 8).

  5. To display token details, select the serial # of the token from the list of search results.

    alt_text

copy link to clipboardView the token change log

Display the last five token management operations in the Virtual Server. The log displays a row for each token operation that includes the token serial number, the action, a date/time stamp of the operation, the name of the Operator who performed the action, the organization to which the Operator belongs (for example, your organization or service provider), and any comment provided by the Operator.

  1. On the SAS console, select Tokens.

  2. Do one of the following:

    • Select Tokens and then select Change Log.

    • In the Shortcuts pane, select View Change Log.

    alt_text

copy link to clipboardList locked tokens (shortcut)

A token changes to a locked state when a user exceeds the maximum consecutive failed logon attempts threshold. A locked token can be reactivated by an Operator. The automatic locking and unlocking of tokens is controlled by the Account Lockout/Unlock Policy.

To display details about tokens that are locked due to excessive consecutive failed authentication attempts (State = Locked):

  • On the SAS console, select Shortcuts > List Locked Tokens.

copy link to clipboardList lost tokens

A token is changed to a lost state by the Operator when revoking a token. A revoked token is returned to inventory in this state where it can be permanently removed or, if the token is subsequently found or determined to function properly, reinitialized into the inventory state.

To display details about tokens that have been placed in a lost or failed state by the Operator (State = Lost/Failed):

  • On the SAS console, select Shortcuts > List Lost Tokens.

copy link to clipboardToken Policies

This module allows you to access and configure policies that affect token usage and operation. To navigate to different token policies, select Virtual Servers > Policy > Token Policies.

alt_text

For more information on each token policy, refer to:

On this page