PingOne

Rotate an MDM token

You can rotate an MDM token.

About this task

To rotate an MDM token, generate a new MDM token, distribute it to all managed devices and then revoke the old token.

More than one token should coexist to permit token rotation without blocking users from authentication. If you have only one token and generate a new token by revoking the single listed token, all devices will be prevented from authenticating until the new token value is both updated in the MDM, and distributed to all devices. In such a case, consider setting the Effective Date to a future date to allow sufficient time for distribution of the new token to all devices.

Steps

  1. Go to Applications > Applications > PingID Mobile and click Edit.

    Result:

    In the Mobile Requirements area, under Require mobile device management, a list of MDM tokens displays.

  2. Click +Generate New Token, copy the value of the new token key, and then click Save.

  3. Update the token key in the MDM system:

    1. Sign on to the MDM system, and go to the app configuration settings page.

    2. Update the PINGID_MDM_TOKEN.

    3. Delete the existing key value. In its place, paste the value of the new shared token key that you generated in the previous step.

  4. Revoke the old MDM token:

    1. Go to Applications > Applications > PingID Mobile and click Edit.

    2. In the Mobile Requirements area, under Require mobile device management, next to the relevant token, click Revoke, and then click Save.