ITS Documentation

MToken Administration

S4395 • September 2013

This document provices instructions for MToken administrators—the people at the ITS Service Center and MToken Distribution Centers who distribute and manage MTokens for members of the university community. MTokens are used for two-factor authentication. Information for MToken users is in Obtaining, Activating, and Using an MToken (S4394).

Table of Contents


IMPORTANT! You must be an MToken administrator to log in to MToken Quick Admin. MToken administrators include staff members at the ITS Service Center and the people who staff the MToken Distribution Centers.

Log In to MToken Quick Admin

To complete any of the procedures outlined in this document, begin by logging in to MToken Quick Admin.

  1. Connect to MToken Quick Admin.

  2. At the U-M Weblogin screen, log in with your uniqname and UMICH password. Do not enter your tokencode yet. You will need to enter it inside the MToken Quick Admin application. (If you are already logged in to other U-M applications via Weblogin, you will skip this step and be taken directly to the MToken Quick Admin Login page.

  3. On the MToken Quick Admin Login page, verify that your uniqname is displayed as the User ID. In the Passcode box, enter the current tokencode on your own MToken, then click OK.

  4. You will see the Quick Admin Search page.

Assigning an MToken to a User

MToken Administrators can only assign an MToken to a user who already has a user record in MToken Quick Admin. This means that the user will have had to request an activation code at some point. If no user record exists, the user will have to use the online MToken Service Center to request an activation code, which is the step that creates the user record.

  1. Log in to MToken Quick Admin (see login instructions above).

  2. Search for the user. You can search by user ID (uniqname), first name, or last name.

  3. Click Assign New Token, enter the serial number of the new token, then click Apply.

  4. At this point, the user can go to the MToken Service Center website to test their MToken.

  5. Encourage the user to set up Q & A authentication to enable self-service emergency access in the future if they forget their MToken.

Unassigning an MToken

When people no longer need an MToken, they (or a department representative) need to return the MToken to an MToken Distribution Center, where the MToken can be unassigned. Once an MToken has been unassigned, it can be reassigned to another person.

  1. Log in to MToken Quick Admin (see login instructions above).

  2. Search for the user. You can search by user ID (uniqname), first name, or last name.

  3. From the search results, click the token serial number.

  4. Click the Unassign Token radio button to unassign the token.

  5. Click the Confirm checkbox.

  6. Click Apply.

Enabling a Disabled MToken

If a user calls to report that they have found their lost MToken, the MToken Administrator needs to determine if the MToken has already been replaced or if it has been disabled. If the MToken has been replaced, the recovered MToken will need to be returned to an MToken Distribution Center. If a replacement MToken has not been assigned, the MToken administrator can enable the previously disabled MToken.

  1. Log in to MToken Quick Admin (see login instructions above).

  2. Search for the user. You can search by user ID (uniqname), first name, or last name.

  3. From the search results, click the token serial number.

  4. Verify that the status is Disabled.

  5. Click the Reset Token radio button to enable the token. Or you could click Enable/Disable Token, which will also enable the MToken.

  6. Click Apply.

  7. Have the user go to the MToken Service Center website to test their token by clicking Test Your MToken. The user can also test their MToken by logging into the desired application.

Resetting an MToken

This process is used to reset an MToken when it has either been locked or put into Next Tokencode Mode (NTM).

  1. Log in to MToken Quick Admin (see login instructions above).

  2. Search for the user. You can search by user ID (uniqname), first name, or last name.

  3. From the search results, click the token serial number.

  4. Confirm that the Token Status is one that would require a reset, such as Next Token Mode or Disabled.

  5. Click the Reset Token radio button to reset the token.

  6. Click Apply.

Resynching an MToken

Extreme time drift or irregular user login attempts may require a token to be resynchronized.

  1. Log in to MToken Quick Admin (see login instructions above).

  2. Search for the user. You can search by user ID (uniqname), first name, or last name.

  3. From the search results, click the token serial number.

  4. Click the Resynch Token radio button to resynch the token.

  5. Enter the tokencode displayed on the user's token in the 1st Tokencode field.

  6. Wait for the tokencode to change, and enter the new code in the 2nd Tokencode field.

  7. Click Apply.

Forgotten Token: Providing Temporary Access

An MToken user who has not set up security questions and answers can phone the ITS Service Center for a temporary static tokencode. Service Center staff can verify the user's identity through other means and then provide a temporary tokencode. The user should be encouraged to set up security questions and answers so that they can obtain a temporary tokencode themself in the future if need be.

If the user has not set up security questions and answers or needs a temporary password for more than one business day, follow this procedure

  1. Log in to MToken Quick Admin (see login instructions above).

  2. Search for the user. From the search results, click on the Token Serial Number.

  3. Click Edit Lost Status to assign a Temporary or Fixed Static Tokencode.

  4. Click the By Date/Time radio button.

  5. Fill in the expiration date and time with the following business day at 09:00 a.m. These fields will NOT default.

  6. Click the Fixed Password radio button.

  7. Type in a random 6 digit numeric code as a fixed password.

  8. Re-type the password in the Confirm field.

  9. Check the When lost status expires, mark token as Not Lost checkbox.
    NOTE: If the user needs a temporary password for more than one business day, skip to the next step of this document.

  10. Click Apply.
    NOTE: The temporary static tokencode willexpire at 9:00 AM the next business day. Token status will change to "Not lost" at this time.

  11. If the user needs a temporary password for longer than one business day, click either the By Days/Hours or the By Date/Time radio button. Enter the corresponding parameters.

  12. Click Apply.

  13. Have the user go to the MToken Service Center website to test their temporary static tokencode by clicking Test Your MToken. The user can also test their temporary static tokencode by logging into the desired application.

Expired Token: Assigning a New Token

If a user visits an MToken Distribution Center with an expired MToken, the administrator can unassign the expired MToken and assign a new one to the user.

  1. Log in to MToken Quick Admin (see login instructions above).

  2. Search for the user. From the search results, click the token serial number.

  3. To unassign the expired MToken and assign a new one, click Unassign Token from the Edit Token page.

  4. Check the Confirm checkbox.

  5. Click Apply.

  6. Click User Search.

  7. Decide which search parameter you would like to use (User ID, First Name or Last Name) and select the appropriate radio button.

  8. Enter the corresponding parameter.

  9. Click Search.

  10. Click the User ID from the Search Results.

  11. Click the Assign New Token radio button.

  12. Enter the serial number of the new MToken.

  13. Click Apply.

NOTE: At this point, if the MToken administrator has time, he or she can enable the MToken for the user. Otherwise, the user can go to the MToken Service Center website to activate and test their MToken.

Broken Token: Providing Temporary Access

If a user calls an MToken administrator for help with a broken MToken and has an immediate need to access a two-factor authenticated system, the administrator can assign a temporary static tokencode so the user can work in the system. The administrator should then refer the user to an MToken Distribution Center for replacement.

  1. Log in to MToken Quick Admin (see login instructions above).

  2. Search for the user. You can search by user ID (uniqname), first name, or last name.

  3. From the search results, click the token serial number.

  4. Click Edit Lost Status to assign a temporary static tokencode.

  5. Click the By Date/Time radio button.

  6. Fill in the expiration date and time with the following business day at 09:00 a.m. These fields will NOT default.

  7. Click the Fixed Password radio button.

Lost Token: Providing Temporary Access

If a user calls an MToken administrator claiming to have lost an MToken, the MToken administrator can assign a temporary static tokencode (TST), and then refer the user to an MToken Distribution Center, where the token will be unassigned and a new one can be assigned.

  1. Log in to MToken Quick Admin (see login instructions above).

  2. Search for the user. From the search results, click the token serial number.

  3. Click Edit Lost Status to assign a temporary static tokencode.

  4. Click the By Date/Time radio button.

  5. Fill in the expiration date and time with the following business day at 09:00 a.m. These fields will NOT default.

  6. Click the Fixed Password radio button.

  7. Type in a random six-digit numeric code as a fixed password.

  8. Re-type the password in the Confirm field.

  9. Check the When lost status expires, mark token as Not Lost checkbox.

  10. Click Apply.
    NOTE: The Temporary Static Tokencode will expire at 9:00 a.m. the next business day. Token status will change to Not lost at this time.

  11. Have the user go to the MToken Service Center website to test their temporary static tokencode by clicking Test Your MToken. The user can also test their temporary static tokencode by logging into the desired application.

Lost Temporary Static Tokencode (TST): Providing Temporary Access

If a user calls an MToken administrator claiming to have lost their MToken temporary static tokencode, the MToken administrator can assign a new temporary static tokencode, following this procedure. If another MToken administrator calls, they will need to contact the ITS Service Center to have the password reset.

  1. Log in to MToken Quick Admin (see login instructions above).

  2. Search for the user. From the search results, click the token serial number.

  3. Click Edit Lost Status to assign a temporary or fixed static tokencode.

  4. Accept the default of Not Lost.

  5. Click Apply.

  6. Click the By Date/Time radio button.

  7. Fill in the expiration date and time with the following business day at 09:00 a.m. These fields will NOT default.

  8. Click Fixed Password.

  9. Type in a random six-digit numeric code as a fixed password.

  10. Re-type the password in the Confirm field.

  11. Check the When lost status expires, mark token as Not Lost checkbox.
    NOTE: If the user needs a temporary password for more than one business day, click either the By Days/Hours or the By Date/Time radio button. Enter the corresponding parameters.

  12. Click Apply.
    NOTE: The temporary static tokencode will expire at 9:00 a.m. the next business day unless otherwise specified. Token status will change to Not lost at this time.

  13. Have the user go to the MToken Service Center website to test their TST by clicking Test Your MToken. The user can also test their temporary password by logging into the desired application.

MToken System IDs

MToken system IDs can be requested from the ITS Service Center.

Additional Resources

Visit ITS's Information System to obtain ITS computer documentation and other resources. A list of relevant documents follows:

The ITS Service Center provides a variety of computing help resources.

For further help with this or any other topic, call 734-764-HELP [4357] or submit an online service request.