Manage the Soft Token Blacklist

The Soft Token Blacklist enables you to disallow the activation and authentication of specific types of soft tokens (by platform and version).

From the Administration Console, you can create new entries in the blacklist and modify or remove existing ones.

Note: As of AAA Server 7.0, after installation of Web Help Desk, the Soft Token Blacklist is automatically pre-populated with all ActivID Soft Tokens, *only for activation*. It is not recommended that activation blacklisting for these devices be removed as unpredictable behavior can result.
While the devices can no longer be activated, existing users with enrolled ActivID Soft Token devices can continue to use these devices until such time as they log into the AAA Self Help Desk. At this time, they are guided through steps to replace their ActivID Soft Token devices with the HID Approve Secure Token.

ActivID AAA Server Administration Console and Web Help Desk enables administrators to assign tokens to users and to manage the complete token lifecycle (for example, assignment, synchronization, and un-assignment). Note that as of AAA Server 7.0, ActivID Soft Tokens are automatically added to the Device Blacklist for assignment and enrollment functions. Existing ActivID Soft Tokens can now only be unassigned or deleted, and new ActivID Soft Tokens cannot be enrolled.

Note: Soft Token configuration at the AAA Server group-level takes precedence over the blacklist definitions.

  1. From the Devices menu, select Soft Token Blacklist.

  2. To create a new entry, click Add.

    Note: The Versions field must contain a value.
    1. From the Platform drop-down list, select the type of soft token you want to disable.

    2. In the Versions field, enter the code(s) of the soft token to disable:

      • Each code must contain two digits without spaces or special characters.
      • Separate the codes using semi-colons and without spaces (for example, 12;20;33).
      • To exclude all versions of a platform, enter *.
      • To only disable activation of the soft token, add :1 after the version code (for example, 21:1). The soft token can still be used for authentication.
      • To disable activation of all versions of a platform, enter *:1. The soft token can still be used for authentication.
    3. Click OK.
    Note: Version Code Mapping: There is a unique mapping between the Soft Token version number and version code applied in the blacklist. For example, the PC Soft Token version 4.0.0.1 might be version code 01. For the version codes, see the Soft Token release notes.

  3. To disable activation and authentication for legacy soft tokens (that is, versions earlier than 4.0), select the Exclude activation and authentication... option.

    Note: Only soft tokens version 4.x or later include platform identification information.
  4. To modify an entry:
    1. Select the required entry in the list and click Edit.
    2. Modify the Version Code and click OK.
    Note: You cannot modify the platform label.

  5. To remove an entry from the list:

    1. Select the required entry, click Remove, and then click OK.

       

    2. Click Yes to proceed with the removal.
  6. Export the data to the AAA Server(s). See Export Data to the AAA Server(s).