TPS administrators can perform all of the agent tasks through the Agent Operations tab of the TPS agent services page. Additionally, they can perform two tasks through the Administrator Operations tab: listing and searching tokens (with different editing options) and deleting tokens. Listing tokens automatically returns all enrolled tokens in the TPS; searching for a token returns the specific token matching the search criteria (token or user ID).
Selecting a token from the complete list or from the search results will open the token's details page.
The activities available through the administrator token details page are different than the ones available through the agent token details page:
-
Showing the activities performed on the token.
-
Editing the token.
-
Deleting the token.
Clicking the Show Activities button in the token details page returns a list of all activities which have been performed on the token, same as the agent operation.
Clicking the Edit button opens up a page listing the token owner UID, the token CUID, the token status, and the token policy. Administrators can edit the user ID associated with the token and the token policies.
The token owner UID can be any username.
The two supported token policies are RE_ENROLL, which allows a user to re-enroll certificates with the same token, and PIN_RESET which allows the token user to initiate a PIN reset operation. The values for both of these are either YES or NO. Both policies can be set by separating them with a semi-colon. For example, to allow the user to reset his PIN but to disallow re-enrolling with the same token, the policy would be as follows:
RE_ENROLL=NO;PIN_RESET=YES
NOTE
If the PIN_RESET policy is not set, then user-initiated PIN resets are allowed by default. If the policy is present and is changed from NO to YES, then a PIN reset can be initiated by the user once; after the PIN is reset, the policy value automatically changes back to NO.