11.0 Managing Tokens

Managing Tokens functionality helps you to import a file that contains information about multiple tokens and you can assign the tokens to specific users such that the user can pass through the OATH authentication method.

To access Tokens Management portal, you must assign chains to the Tokens Management event in the Events section.

To import token files, perform the following steps:

  1. Log in to the Advanced Authentication Tokens Management portal (https://<AdvancedAuthenticationServer>/tokens).

  2. Click Add.

  3. Click Browse and add a PSKC or CSV file.

  4. Select the File type. The options available are:

    • OATH compliant PSKC: This file type must be compliant with OATH. For example, HID OATH TOTP compliant tokens.

    • OATH csv: This file type must contain the format as described in CSV File Format To Import OATH Compliant Tokens. You cannot use the YubiKey CSV files.

    • Yubico csv: In this file type, you must use one of the supported Log configuration output (see YubiKey Personalization Tool > Settings tab > Logging Settings) formats with comma as a delimiter.

      • Traditional format: In this file type, OATH Token Identifier must be enabled.

      • Yubico format: This file type is supported only for HOTP Length set to 6 Digits and OATH Token Identifier set to All numeric.

      IMPORTANT: Moving Factor Seed must not exceed 100000.

  5. Add the encrypted PSKC files. Select Password or Pre-shared key in PSKC file encryption type and provide the information.

  6. Click Upload to import tokens from the file.

NOTE: Advanced Authentication receives an OTP format from the imported tokens file and stores the information in the enrolled authenticator. Therefore, Advanced Authentication administrator need not change the default value of OTP format on the Method Settings Edit tab. For more information on the OTP format, see OATH OTP.

When the tokens are imported, you can see the list of tokens on the Tokens Management Portal. You must assign these tokens to the users. The tokens can be assigned either by an administrator or by user in the following ways:

  • As an administrator, you can do the following:

    1. Click Edit next to the token.

    2. Select Owner.

    3. Click Save.

  • A user can self-enroll a token in the Self-Service portal. Administrator must let the user know an appropriate value from the Serial column for the self-enrollment.