Managing MDM tokens

Multiple keys can coexist, for example, for allowing time for rotating keys and the time it takes to phase in new keys and retire old ones. PingID checks all listed keys to verify a match with the key submitted in the authentication request.

The MDM does not retain multiple values for the same token. Support for multiple keys is provided through PingID.

The generated date following each token indicates the date and time of its creation.

Organizational security policies might require periodic revocation of retired or obsolete tokens to prevent use of old tokens for authentication.

A minimum of one token must be retained. If you delete the only token, a new replacement token is automatically generated.

Organizational security policies might require periodic rotation of MDM tokens to prevent use of old tokens for authentication.

To rotate a token, add a new token, distribute it to all managed devices, and then revoke the old token.