Manage hardware tokens

When assigning hardware tokens to users, it's convenient to keep track of all devices that have been assigned to identify tokens that are still available in the system.

You may also need to add more tokens to the service to replace the broken ones or provide them for new users.

​Akamai​ supports HOTP and TOTP hardware tokens.

  • HOTP stands for HMAC-based One-time Password Algorithm that generates event-based, one-time passwords (OTPs) on the basis of Hashed Message Authentication Code (HMAC). To generate each new code, the algorithm relies on a moving factor - a code counter- that increases each time when the token button is pressed by the user.
  • TOTP stands for Time-based One-time Password Algorithm that generates time-based one-time passwords (OTPs). To generate new OTPs, the algorithm relies on time increments referred to as timestamps. New codes remain valid during the timestamp duration, which typically is 30 or 60 seconds.

Follow this instruction to learn how you can manage hardware tokens.

Before you begin

You have assigned hardware tokens to a group of users.

How to

  1. In the Enterprise Center navigation menu, select Multi-factor Authentication > General Settings > Settings.

  2. On the Settings page, scroll down to Hardware Tokens.

  3. In Total tokens, you can view all the tokens registered in the service.

  4. In Unassigned tokens, check the total number of unassigned tokens. To export the list of unassigned tokens in csv format, click Download hardware tokens.

  5. To import new hardware tokens, click Add more tokens.

  6. In the Upload token seed file dialog, go to Token type and select the type of tokens you want to upload, either TOTP or HOTP.

    1. In Code Length, specify the number of digits shown on the token.
    2. For HOTP tokens, specify the token’s Event Counter value. The default value of a new HOTP hardware token is 0.
    3. For TOTP tokens, specify the Time Period when the token generates new codes. The default value is 30 seconds.
    4. Create a csv file of the maximum size of 1MB. The file needs to contain a header row with the following column titles: SerialNumber and SecretKey. You can also specify additional columns. Each subsequent row represents one token. For each token, provide the SerialNumber and SecretKey values and any additional data you specified in the header row:
    • SerialNumber. Uniquely identifies each hardware token.
    • SecretKey. Used by the algorithm to generate passcodes.
      All tokens must be of the same type that you indicated in the Token type field.
  7. Select your csv file with new hardware tokens, and click Open.

  8. Click Upload.

Depending on the results of the upload process, you can see one of these banners:

  • Successfully uploaded all hardware tokens. This message displays when all new hardware tokens are added to the service.
  • Upload failed for … out of … tokens: duplicates …., existing: ….. See the downloaded csv file for details. This message displays if MFA identifies the following issues with the data included in the csv file:
    • Duplicate tokens. Your csv file contains duplicate entries. Check the downloaded error file to find them.
    • Existing tokens. Your ​Akamai MFA​ service already contains hardware tokens that you’ve been trying to upload again. Check the downloaded error file to find these entries.