---
title: Revoking an MDM token
description: Organizational security policies might require periodic revocation of retired or obsolete tokens to prevent use of old tokens for authentication.
component: pingid
page_id: pingid:pingid_service_management:pid_revoking_an_mdm_token
canonical_url: http://docs.pingidentity.com/pingid/pingid_service_management/pid_revoking_an_mdm_token.html
revdate: January 23, 2024
section_ids:
  steps: Steps
---

# Revoking an MDM token

Organizational security policies might require periodic revocation of retired or obsolete tokens to prevent use of old tokens for authentication.

## Steps

1. Go to **Setup → PingID → DEVICE & PAIRING**.

2. Click the **Expand** icon for **DEVICE REQUIREMENTS**.

3. Click the **Expand** icon for **MOBILE DEVICE MANAGEMENT REQUIRED** to expand the section.

4. Scroll the list of tokens to identify and locate the old token to be revoked.

   |   |                                                                                      |
   | - | ------------------------------------------------------------------------------------ |
   |   | The generated date following each token indicates the date and time of its creation. |

   ![Screen capture of the expanded Mobile Device Management Required section](_images/zon1564020719034.png)

5. Click **Revoke** to remove the associated key.

   |   |                                                                                                                                                                            |
   | - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
   |   | A minimum of one token must be retained. When there is only one token, clicking **Revoke** will offer the option to replace the existing token with a new generated token. |

   ![Screen capture showing the Revoke option.](_images/tsh1564020729781.png)

   |   |                                                                                                                                                                                                                                                                                                                                                   |
   | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
   |   | If a new token was generated as the result of revoking the single listed token, all devices will be prevented from authenticating until the new token value is both updated in the MDM, and distributed to all devices. Consider setting the **EFFECTIVE DATE** to a future date to permit time for distribution of the new token to all devices. |

6. Click **Save**.