Importing classic Token2 tokens to Cyberark Idaptive

Idaptive provides web application single sign-on, multi-factor authentication (MFA/2FA), and analytics based around a zero trust security model. You can authenticate with Idaptive Identity Services using classic Token2  tokens (for example, C202 or OTPC-N) by bulk uploading those tokens. Idaptive Identity Services uses those tokens to generate one-time passcodes (OTP) that users with enrolled devices can immediately use to log in to the user portal.

Users without enrolled devices must first log in to the user portal and scan the Idaptive Identity Services generated QR code (using a third party authenticator) to get the passcode pushed to their devices.  When you upload these tokens, they will override any existing passcode users may have generated by scanning the Idaptive Identity Services generated QR code.

Before you start importing OATH tokens, you need a CSV file in the following format:

You can request the CSV file from Token2 after successful delivery using "Request seeds" button on your order page.  Make sure you specify the correct format for Idaptive:

Please do not forget to send your public GPG/PGP key when requesting the CSV - this will ensure the sensitive data is not sent over insecure channels (most email systems are still using insecure protocols). You will only need to modify the usernames (UPN column) -   please use a plain text editor, not spreadsheet editors like MS Excel as it may break the format.

Idaptive Identity Services validates one OATH token per user. If your CSV file contains more than one OATH token for the same user, the last token (the one lowest in the spreadsheet) is validated for that user.

Follow the steps below to bulk upload OATH tokens:

  • Log in to Admin Portal.
  • Navigate to Settings > Authentication > OATH Tokens.
  • Click Bulk Token Import.

    Importing classic Token2 tokens to Cyberark Idaptive

  • Click Browse, navigate to your CSV file, and upload it.
  • Click Next.
  • Review the first 15 rows and if they look correct, click Next.
  • If you see an error, cancel the upload and fix the error.
  • Confirm the email address or enter a different one where a bulk import report will be sent.
  • Click Confirm.
  • A bulk import report email is sent to the specified email address.
  • Refresh the OATH Tokens page to see the uploaded instance.

If you have not configured the OATH OTP policy, you need to do so before users can use the generated passcodes. When you configure the OATH OTP policy, you can also define if users can see the QR code from the user portal

Cyberark IDAptive