Users without enrolled devices must first log in to the user portal and scan the Idaptive Identity Services generated QR code (using a third party authenticator) to get the passcode pushed to their devices. When you upload these tokens, they will override any existing passcode users may have generated by scanning the Idaptive Identity Services generated QR code.
Before you start importing OATH tokens, you need a CSV file in the following format:
User Principal Name,Token Identifier,Secret Key (HEX),Account Name,Issuer,Algorithm,OTP Digits,Type,Period,Counter [email protected],000000000001,15d2fa517d3c6b,User1,someCompany,Sha1,6,Totp,30,0
You can request the CSV file from Token2 after successful delivery using "Request seeds" button on your order page. Make sure you specify the correct format for Idaptive:
Please do not forget to send your public GPG/PGP key when requesting the CSV - this will ensure the sensitive data is not sent over insecure channels (most email systems are still using insecure protocols). You will only need to modify the usernames (UPN column) - please use a plain text editor, not spreadsheet editors like MS Excel as it may break the format.
Idaptive Identity Services validates one OATH token per user. If your CSV file contains more than one OATH token for the same user, the last token (the one lowest in the spreadsheet) is validated for that user.
Follow the steps below to bulk upload OATH tokens:
If you have not configured the OATH OTP policy, you need to do so before users can use the generated passcodes. When you configure the OATH OTP policy, you can also define if users can see the QR code from the user portal