Organizational security policies might require periodic rotation of MDM tokens to prevent use of old tokens for authentication.
Rotation is implemented by adding a new token, distributing it to all managed devices, and then removing (revoking) the old token.
More than one token should coexist to permit token rotation without blocking users from authentication.
-
In the admin console, go to .
-
Click +Generate New Token to create a new PingID key for
MDM.
Note:The Generated date below each token indicates the date and time of its creation.
-
Identify and locate the old token to be revoked.
Note:
The generated date following each token indicates the date and time of its creation.
-
Click Revoke to remove the old token's associated
key.
Note:
A minimum of one token must be retained. When there is only one token, clicking Revoke will offer the option to replace the existing token with a new generated token.
CAUTION:If a new token was generated as the result of revoking the single listed token, all devices will be prevented from authenticating until the new token value is both updated in the MDM and distributed to all devices. Consider setting the Effective Date to a future date to permit time for distribution of the new token to all devices.