User tokens

>>> Check the overall page with all operators features <<<

The Tokens tab is part of user token management which is a feature that allows an operator to manage tokens used as a second factor in authenticating a user's identity. There are a variety of token types that an operator can enroll on behalf of each user, from sms or email tokens, to hardware tokens in the form of cards or tokens.

Available actions for user with appropriate privileges:

Add a new token		Enroll new token on behalf of user.
View token detail		Display the page with all details of the specific token.
Modify existing token		Modify user comment (if allowed) or mobile phone number for SMS token or email address for Email token.
Test of token		Test token to verifi that it is working correctly.
Disable / enable token		Disable or enable token - disabled token can't be used for verification as a second factor.
Delete token		Permanently delete token.
Reset token		Reset HOTP type of token.

Status of the token:

ACTIVE		The token is active and ready to be used for user identity verification (in login or approval processes).
DISABLED		The token is disabled and cannot be used to authenticate the user's identity.
OBSOLETE		Token is out of date and it needs to be deleted and registered another one. For example, if it is an SMS or EMAIL token, it is possible to delete it and replace it with a so-called Virtual token, which works exactly the same - based on sending an OTP to an email address or mobile phone.

Add new token

Enrollment of the tokens is slightly different from type to type. For detailed instructions visit page for the specific token:

Press the ADD NEW TOKEN button on the TOKENS tab on the detail of the user and select the token type that can be registered on behalf by operator:

SMS token
Email token
Virtual token (combination of SMS or Email token type - see above)
Physical TOTP token
Physical HOTP token

Click on the links to see the detail of the enrollment of specific token.

Note: token types names are fully adjustable by administrator, so it could be different from used samples.

Display token detail

1	Open the User detail, go to the Tokens tab.
2	Press the VIEW TOKEN button [ ] within the chosen token and confirm the disable / enable action
3	The detail page contains information about: Status - ACTIVE / DISABLED Description Device - in case of SMS or Email tokens there is mobile phone nuber or email address), otherwise this field contains serial number of HW token Last used - the date of last usage of the token Updated - date of the last update of the token Expires - expiration date of the token (valid for physical tokens)
4	Context menu [ ] also contains buttons for actions available for the token.

Edit token

1	Open the User detail, go to the Tokens tab.
2	Press the EDIT button [ ] within the chosen token from context menu [ ]. Not all token types allow editing - SMS or Email token (or Virtual token) allow to change the email address or mobile phone number. Other tokens allow to change the User comment if this value was entered during enrollment.
3	A new form with the parameters of the token will be opened.
4	Adjust the available parameters and press SAVE button to save the changes.

Delete token

Open the User detail, go to the Tokens tab.

Press the DELETE TOKEN button [ ] within the chosen token and confirm the removal.

Note: the user should normally have at least one active token to use as a second authentication factor. In cases where this is necessary, it is possible to remove or disable all of the user's tokens.

Token list will be displayed where the removed token won't be displayed.

Test token

1	Open the User detail, go to the Tokens tab.
2	Press the TEST TOKEN button [ ] within the chosen token from context menu [ ]. Not all token types allow the test action to be performed.
3	The application opens a new window for test action of specific token: SMS token Email token Virtual token (combination of SMS or Email token type) TOTP Physical token HOTP Physical token
4	If everything is correct, you will see information about the successful test.
5	If the token test result is negative, you can do any of the following: delete the token and enroll it again reset the token - not all token types allows it (applies to HOTP type tokens)

Reset token

1	Open the User detail, go to the Tokens tab.
2	Press the RESET TOKEN button [ ] within the chosen token from context menu [ ]. Not all token types allow the reset action to be performed (mainly hotp types of tokens).
3	The new window for entering the control OTPs.
4	Generate two one-time passwords (OTP) from Authenticator app in your mobile device or a hardware key, enter them into the app and press RESET button. It is necessary to follow the order of entering both OTPs
5	If everything is correct, you will see information about the successful reset.

Disable/enable token

Open the User detail, go to the Tokens tab.

Press the DISABLE TEMPORARILY button [ ] within the chosen token from context menu [ ] and confirm the disable / enable action

Note: the user should normally have at least one active token to use as a second authentication factor. In cases where this is necessary, it is possible to remove or disable all of the user's tokens.

The token will be disabled - the status will change to DISABLED - and it won't be possible to authorize by this token within the loging or any other operation.