There are 2 ways you can enroll pre-programmed OATH hardware tokens into Entra ID
- Use Entra ID Portal
- Use SafeID Token Service
Entra ID Portal
Microsoft Entra ID portal provides a basic facility that allows you to enroll the pre-programmed OATH hardware tokens. To enroll hardware tokens using the Entra ID portal, you will need to go through steps below:
- Download the token secret file
- Assign tokens to users
- Upload tokens to Entra ID
- Activate tokens in Entra ID
Step 1: Download the Token Secret File
| Expand |
|---|
| Include Page |
|---|
| How to request token seed or secret file |
|---|
| How to request token seed or secret file |
|---|
|
|
Step 2: Assign tokens to users
Once you have downloaded the secret file of your tokens, you need to assign tokens to your Entra ID users.
There are 2 ways you can assign tokens to users
| Expand |
|---|
| title | Using the SafeID Enrollment Assistant... |
|---|
|
| Include Page |
|---|
| Assign tokens using the SafeID Enrollment Assistant |
|---|
| Assign tokens using the SafeID Enrollment Assistant |
|---|
|
|
| Expand |
|---|
| title | Using a text editor... |
|---|
|
| Include Page |
|---|
| Assign tokens using a text editor |
|---|
| Assign tokens using a text editor |
|---|
|
|
Step 3: Upload tokens to Entra ID
Once you have assigned tokens to users, you can upload the token assignment file onto Entra ID
| Expand |
|---|
| Include Page |
|---|
| Upload tokens onto Entra ID |
|---|
| Upload tokens onto Entra ID |
|---|
|
|
Step 4: Activate tokens in Entra ID
Finally, you will need to activate tokens by providing a verification code from the token, one by one.
| Expand |
|---|
| Include Page |
|---|
| Activate tokens in Entra ID |
|---|
| Activate tokens in Entra ID |
|---|
|
|
SafeID Token Service
As you will see, the facility provided by Entra ID is very basic and not flexible. It does not provide functions for you to quickly assign only one token to a user or to reassign a token, for instance. If you have a small number of hardware tokens to manage, then it is OK to use the Azure AD portal. However, if you have a large number of hardware tokens to manage, then we would recommend the SafeID Token Service
SafeID Token Service provides a Web-based GUI console that allows customers to manage the full life cycle of the SafeID hardware tokens by simply pointing and clicking. You can assign, activate, deactivate, unassign, delete and replace a token, etc with one single click.
Click here for detailed instructions on how to manage hardware tokens with SafeID Token Service