Manage Existing Tokens
For maximum data safety, AuthLite stores key data forever by default, and does not run any logic to prune old users or keys out of its database. For example, when a user re-programs an existing key, the key's old data record is no longer used, but still remains in the data store. This does not present any security, performance, or functionality problems, but you may wish to remove old records to keep the database tidy.
The AuthLite Token Manager program can be run from any AuthLite-aware domain controller. It can also be installed on other member machines, although this feature is not selected by default.
This tool allows you to display, sort, and search the data records for all the AuthLite keys that are currently provisioned in your domain.
When you first start the AuthLite Token Manager, the application will automatically connect to the Active Directory instance on the local machine. The name of the domain controller to which the application is connected is shown in the status bar. To connect to a different domain controller, choose the Connect to... menu item from the File menu.
When you first open the app, all tokens are shown except Recovery Tokens. You can change which tokens are shown by selecting a different term in the dropdown. Some selections require a search term to be entered in the “Find tokens” box.
Click inside the “Find tokens” box in the tool bar, enter your search term, and hit the Enter key. Hit ESC or press the “Clear Search” button to reset the search. The fields to search can be selected from the drop-down on the left.
If you have a YubiKey OTP, and need to find the corresponding key entry, enter the OTP into the Find Tokens box and hit the Enter key or Search button. The key record corresponding to that OTP will be shown. This only works with the Filter dropdown set to “All Tokens”, “Assigned tokens”, or “Key ID Matches:”.
To view the properties of a token, double-click on a row in the list, or right-click on a record and choose Properties from the context menu.
To delete token records, select one or more rows in the list, then choose the Delete key(s)... option from the File menu, hit the Delete key, press the Delete toolbar button, or right-click and choose the Delete option from the context menu. Be careful: deleting token records is a permanent operation with no "Undo". If a record is in use, deleting it will prevent that user from logging on to AuthLite-aware systems/services with that token ever again.
To reassign a key, click the Reassign key link in the key properties dialog, or choose Reassign key... from the File menu, or select one or more keys, right-click, and choose Reassign from the context menu.
In addition to selecting a different user, this dialog allows you to revert a token to its “Unassigned” state.
You can also set more than one token at a time. In Figure 2, two tokens have been selected. Whatever action is taken in this dialog is applied to both tokens: if a user is chosen, both tokens will be set to that user.