Device Management

AAA Server Device Repositories

When you import pre-initialized devices, the AAA Server automatically stores authentication devices in the root device folder. You can create additional folders (new repositories) in the Administration Console's root directory for storing devices, instead of permitting the AAA Server to automatically store all devices in the root.

Whether you have a large user database or a relatively small one, it's easier to manage devices if you store them in an organized way. How you choose to store them depends on your organizational structure, and in particular on:

  • How you have set up your LDAP directory.
  • Groups already in your LDAP system.
  • How you have categorized your users.

Consider organizing your repositories based on your LDAP structure (if appropriate).

Note: You cannot change the name of an existing repository, so you must carefully decide on your repository structure and naming before you begin creating repositories.

Some general categories to consider are:

  • Partners, Employees, Customers, Suppliers.
  • Device-specific categories (for example, Smart Cards, Tokens).
  • Company structure (for example, by department), region (for example, Asia Pacific), or physical location of authentication servers (for example, London, Paris, New York).
  • Batches of devices (for example, assigned vs. unassigned).

You can continue creating new repositories as your system develops over time.

After you begin to create new repositories, you can:

  • Continue to store devices in the root repository (if appropriate).
  • Select a different repository each time you import a device.
  • Set a repository to be the default repository.
  • Create sub-repositories within repositories.

Supported Authentication Devices

Users can generate challenge/response and one-time passwords (OTP) with the following devices:

  • ActivID Token (v1 and v2)*
  • ActivID Keychain Token (v1 and v2)*
  • ActivID Mini Token (AE, AT, OT and OE)*
  • ActivID Desktop Token (formerly Token XL)*
  • ActivID Pocket Token (AT and OT)*
  • ActivID USB Key (for ActivID ActivClient)
  • ActivID Smart Card (for ActivID ActivClient)
  • HID Approve Tokens (mobile application for Apple® iOS®, Google® Android® and Microsoft® Windows® 10)
  • ActivID PC Soft Tokens (v2)**
  • ActivID Mobile Soft Tokens (v2)**
  • ActivID Web Soft Tokens (v2)**

* No software client required.

** Soft Tokens v2 require that the AAA Web Help Desk is installed.

Important: As of AAA Server 7.0, ActivID PC, Mobile and Web Soft Tokens can still be used and managed, but can no longer be activated. When users with these tokens log on to the Web Self Help Desk, they are automatically guided through a replacement procedure where their soft tokens are replaced with HID Approve Tokens.

Note: You can initialize devices using the ActivID Device Initialization Tool. This is a free tool that can be downloaded from the HID Global website.

The different types of devices are sometimes managed differently. For example, if you delete a smart card or a USB key (with an ActivClient profile) from the AAA solution, then it cannot be re-initialized and it is lost forever. However, you can always re-initialize and re-use a hardware token.

As an alternative to tokens, AAA Server also supports an SMS-based two-factor authentication solution. An OTP is sent, on demand, to a user's mobile phone. The user can then authenticate with this OTP.