RSA Authentication Manager 7.1 Administrator's Guide - IT Services ...
RSA Authentication Manager 7.1 Administrator's Guide - IT Services ...
RSA Authentication Manager 7.1 Administrator's Guide - IT Services ...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
<strong>RSA</strong> <strong>Authentication</strong> <strong>Manager</strong> <strong>7.1</strong> Administrator’s <strong>Guide</strong><br />
Enabling and Disabling Tokens<br />
As an administrator, one of your tasks is enabling and disabling tokens so that they<br />
can be assigned to users and used for authentication. Enabled and disabled are terms<br />
that describe the token’s authentication status. An enabled token can be used for<br />
authentication, but a disabled token cannot.<br />
After <strong>Authentication</strong> <strong>Manager</strong> is installed, tokens must be imported into the system.<br />
All imported tokens are automatically disabled. This is a security feature that protects<br />
the system in the event that the tokens are lost or stolen.<br />
Note: A disabled token does not refer to a token belonging to a user who has been<br />
locked out of the system. Disabling a token is done manually, by the administrator,<br />
and means that the token cannot be used for authentication. Lockout applies to a user’s<br />
account, not a user’s token.<br />
You can manually enable and disable tokens on the Edit Token page in the Security<br />
Console. You must enable a token before it can be used for authentication.<br />
Important: Tokens are automatically enabled when first assigned to a user.<br />
In these situations, you should disable a token after it has been assigned to a user:<br />
• When it is going to be mailed or delivered to a user. Re-enable the token when<br />
you know that it has been successfully delivered to the user to whom it has been<br />
assigned.<br />
• If you know that the user to whom the token is assigned does not need to<br />
authenticate for some period of time. For example, you may want to disable a<br />
token belonging to a user who is going away on short-term leave or extended<br />
vacation. Once you disable the token, that user cannot authenticate with the token<br />
until the token is re-enabled.<br />
Note: Disabling a token does not remove it from the system. Disabled tokens can be<br />
viewed using the Security Console.<br />
For example, assume that one of your users is taking a one-time leave of absence.<br />
Although the user will be out of the office for one month, the user will need the ability<br />
to authenticate upon returning to work. Since the user’s account is going to be inactive<br />
for one month, you disable the user’s token and the user’s account during that time<br />
period. When the user returns to work, you enable the user’s account and the user’s<br />
token so that the user can authenticate and access the resources protected by<br />
<strong>Authentication</strong> <strong>Manager</strong>.<br />
Note: You can only enable and disable tokens in security domains that are included in<br />
your administrative scope.<br />
For instructions, see the Security Console Help topics “Enable Tokens” and “Disable<br />
Tokens.”<br />
102 4: Administering Users