Hard Tokens

A hard token is a device that generates an OTP and can be used in conjunction with a password as an electronic key to access something. Hard tokens come in many different device types, for example a key fob that can be clipped onto a keyring, or a credit card form that can be stored in a wallet.

ESA supports all OATH-compliant HOTP hard tokens, but ESET does not supply them. The hard token HOTPs can be used in the same way as the OTPs generated by the mobile app or sent to the user via SMS. Scenarios where this may be useful include supporting legacy token migration, meeting compliance requirements, or fitting company policy.

To use and manage hard tokens, see the instructions below.

Enable and Import Hard Tokens

1. In the ESA Web Console, click Hard Tokens.

2. Select the Enabled checkbox.

3. Click the Import Hard Tokens... button.

4. Select the file to import. This should be an XML file in the PSKC format. If such a file was not received from the hard token vendor, contact the vendor. If the XML file is password protected or protected by an encryption key, type the password or encryption key (HEX or base64 format) in the Password field of the Import Hard Tokens window.

5. Click the Import tokens button.

6. A result notification will pop up indicating how many hard tokens were imported, and the imported hard tokens will be displayed.


Assign Hard Token to a user

1. In the ESA Web Console, click Users.

2. Click the name of the appropriate user.

3. Click the toggle next to Hard Token and select a hard token from the list.

4. Click Save.


Revoke Hard Tokens

Revoking a hard token for a user will also disable that user for hard token authentication.

1. In the ESA Web Console, click Hard Tokens.

2. Select the appropriate tokens and click Revoke.

 

Resynchronize a Hard Token

A hard token can become out of sync with the system. This can happen if a user generates many new OTPs in a short span of time. In this scenario, a resynchronization is required.

A token can be resynchronized as follows:

1. In the ESA Web Console, click Hard Tokens.

2. In the appropriate row, click the actions icon, and select Resynchronize Hard Token.


3. Generate and enter two consecutive OTPs using the selected hard token.


4. Click the Resynchronize button.

5. A success message will be displayed.
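
Why a token drifts out of sync and why two consecutive OTPs are requested, shown as an added example that is not ESET's code or a description of ESA's internals: an RFC 4226 HOTP validator with a look-ahead window and a two-OTP resynchronization. The `HardTokenRecord` class, the window sizes (5 and 200) and the sample counter are assumptions; the secret is the RFC 4226 test value.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class HardTokenRecord:
    """Server-side state for one token (hypothetical structure)."""
    def __init__(self, secret: bytes, counter: int = 0):
        self.secret = secret
        self.counter = counter  # next counter value the server expects

    def verify(self, otp: str, look_ahead: int = 5) -> bool:
        """Normal login: accept an OTP only within a small look-ahead window."""
        for c in range(self.counter, self.counter + look_ahead):
            if hmac.compare_digest(hotp(self.secret, c), otp):
                self.counter = c + 1  # advance so the OTP cannot be replayed
                return True
        return False

    def resynchronize(self, otp1: str, otp2: str, search: int = 200) -> bool:
        """Resync: find counter c with HOTP(c)==otp1 and HOTP(c+1)==otp2."""
        for c in range(self.counter, self.counter + search):
            if (hmac.compare_digest(hotp(self.secret, c), otp1)
                    and hmac.compare_digest(hotp(self.secret, c + 1), otp2)):
                self.counter = c + 2  # both OTPs are now consumed
                return True
        return False

def demo() -> dict:
    secret = b"12345678901234567890"  # RFC 4226 test secret, not a real token seed
    server = HardTokenRecord(secret)
    token_counter = 7  # constructed: button pressed 7 times without logging in
    rejected = server.verify(hotp(secret, token_counter))
    resynced = server.resynchronize(hotp(secret, token_counter),
                                    hotp(secret, token_counter + 1))
    accepted = server.verify(hotp(secret, token_counter + 2))
    return {"rejected": not rejected, "resynced": resynced,
            "accepted": accepted, "counter": server.counter}

if __name__ == "__main__":
    print(demo())
```

Requiring a match at two adjacent counters is what makes the wide resynchronization search safe: a single guessed 6-digit code is far more likely to match somewhere in 200 counters than a guessed pair.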

 

Delete Hard Tokens

1. In the ESA Web Console, click Hard Tokens.

2. Select the appropriate tokens and click Delete.