Importing OATH tokens in bulk

You can authenticate with Privileged Access Service using your existing third-party OATH tokens (for example, those generated by a YubiKey) by bulk uploading those tokens. Privileged Access Service uses those tokens to generate one-time passcodes (OTPs) that users with registered devices can immediately use to log in to the Admin Portal.

Users without registered devices must first log in to the Admin Portal and scan the QR code generated by Privileged Access Service (using a third-party authenticator) to get the passcode pushed to their devices. You can direct users to "Using OTPs to authenticate".

When you upload these tokens, they override any existing passcode that users may have generated by scanning the QR code generated by Privileged Access Service.

Before you start importing OATH tokens, you need a CSV file with the following column headers (header names must match exactly):

  • User Principle Name
  • Secret Key (HEX)
  • Account Name
  • Issuer
  • Algorithm
  • OTP Digits
  • Type
  • Period
  • Counter

Important: The secret keys in the CSV file must be in HEX format.

Privileged Access Service validates one OATH token per user. If your CSV file contains more than one OATH token for the same user, the last token (the one lowest in the spreadsheet) is validated for that user.

A CSV file template is available on the bulk upload page in Admin Portal.
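The requirements above (exact header names, HEX secret keys, last token per user wins) can be checked locally before uploading. The following Python script is an added example, not part of the Privileged Access Service documentation or tooling; the function name `check_oath_csv`, the sample rows, and the case-insensitive user comparison are assumptions made for illustration.

```python
import csv
import io
import re

# Header names copied verbatim from the list above; they must match exactly.
REQUIRED_HEADERS = [
    "User Principle Name", "Secret Key (HEX)", "Account Name", "Issuer",
    "Algorithm", "OTP Digits", "Type", "Period", "Counter",
]
HEX_BYTES = re.compile(r"(?:[0-9A-Fa-f]{2})+")  # whole bytes, hex digits only

def check_oath_csv(text):
    """Return (errors, warnings) for the text of a bulk-upload CSV file."""
    errors, warnings = [], []
    reader = csv.DictReader(io.StringIO(text))
    missing = [h for h in REQUIRED_HEADERS if h not in (reader.fieldnames or [])]
    if missing:
        return [f"missing or misspelled headers: {missing}"], warnings
    last_row = {}  # user -> row number of the most recent token seen
    for row in reader:
        row_no = reader.line_num
        upn = (row["User Principle Name"] or "").strip()
        secret = row["Secret Key (HEX)"] or ""
        # Report the row number only; never echo a secret into output or logs.
        if not HEX_BYTES.fullmatch(secret):
            errors.append(f"row {row_no}: secret key is not valid HEX")
        # Assumption: users are compared case-insensitively.
        key = upn.casefold()
        if key in last_row:
            warnings.append(f"row {last_row[key]}: token for {upn} is "
                            f"superseded by row {row_no}")
        last_row[key] = row_no
    return errors, warnings

# Constructed sample. Values in the Algorithm, OTP Digits, Type, Period and
# Counter columns are placeholders, not the service's documented values.
SAMPLE = """User Principle Name,Secret Key (HEX),Account Name,Issuer,Algorithm,OTP Digits,Type,Period,Counter
alice@example.com,3132333435363738393031323334353637383930,alice,Example,SHA1,6,totp,30,0
bob@example.com,GEZDGNBVGY3TQOJQ,bob,Example,SHA1,6,totp,30,0
alice@example.com,000102030405060708090a0b0c0d0e0f10111213,alice,Example,SHA1,6,totp,30,0
"""

if __name__ == "__main__":
    errs, warns = check_oath_csv(SAMPLE)
    print("\n".join(errs + warns) or "OK")
```

The CSV file holds every listed user's OTP secret in clear text, so run the check on the machine where the file already resides and remove the file once the upload has succeeded.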