Token
Once the user register in the app, a token is created and assigned to that user. A token is an identifier generated when the app user creates their user ID, which is it is later used to generate OTPs in two-factor authentications.
Important
A token will be created only if the project includes the creation of tokens as part of the two-factor authentication method.
Important
A token will be created only if the project includes the creation of tokens as part of the two-factor authentication method.
The Token subsection in AS includes the Disable Token and Destroy Token pages. Refer to the sections below to learn more about each of these actions available.
You might need to disable or destroy tokens based on security issues. On one hand, in the case of a request reported by an app user, so that they are not able to operate with their tokens; for example, if they had their device or user information stolen. On the other hand, if an unsual activity is identified in the monitoring system; for example, if the user attempts to execute a large number of transactions in a short period of time.
Important
Each user has only one token.
Disable Token
On the Disable Token page, (Utilities > Token> Disable Token), you can disable one or more active tokens, each associated to a different user under a specific domain. Refer to the instructions below to learn how to disable a token.
Caution
Once an active token is disabled, the app user can no longer operate with that token under the domain where the user was created.
Go to the Disable To page (Utilities > Token> Disable Token).
The page opens, where you configure the settings to disable a token.
In the Domain field, click the arrow and select a domain from the drop-down menu.
In the User ID field, enter the user ID to which the token you want to disable is associated. Once you enter the full user ID, enter ";" so that the text turns into a chip. To eliminate a user ID, click the X icon. You can enter up to ten IDs.
In the Status field, click the arrow and select an option from the drop-down menu, which refers to the action required to reset the token. Select Soft Resync Required so that the token requires a token resynchronization through software, or Hard Resync Required so that the token requires a token resynchronization through hardware.
If the system successfully disabled the tokens associated to all the users you entered, a success message appears. If the system couldn't disable one or more tokens, a message indicates that some tokens were not disabled.
Then, you are redirected to the Disable Token page, which shows a list of the tokens you attempted to disable, the User ID associated to them and their status together with a description. The Status can be Disabled or Not Disabled. If the token was successfully disabled, the Description field appears empty and if the token couldn't be disabled, this field shows the associated error code.
Note
All the fields in this page are mandatory.
Destroy Token
On the Destroy Token page, (Utilities > Token> Destroy Token), you can destroy one or more active tokens, each of which is associated to a different user. Refer to the instructions below to learn how to delete a token.
Go to the Destroy Token page (Utilities > Token> Destroy Token).
The page opens, where you configure the settings to destroy a token.
In the Domain field, click the arrow and select a domain from the drop-down menu.
In the User ID field, enter the user ID to which the token you want to disable is associated. Once you enter the full user ID, enter ";" so that the text turns into a chip. To eliminate a user ID, click the X icon. You can enter up to ten IDs.
If the system successfully destroyed the tokens associated to all the users you entered, a success message appears. If the system couldn't destroy one or more tokens, a message indicates that some tokens were not destroyed.
Then, you are redirected to the Destroy Token page, which shows a list of the tokens you attempted to destroy, the User ID associated to them and their status together with a description. The Status can be Destroyed or Not Destroyed. If the token was successfully destroyed, the Description field appears empty. If the token couldn't be destroyed, this field shows the associated error code.