Enquiry Form

Overview of Provisioning Services

"Provisioning" is the term Signify uses for the process of getting a physical token device into a user's hands.  Signify offers two forms provisioning, for the different stages in the lifecycle of an organisation and its users.  By providing these flexible choices Signify ensures usage of tokens is reliable and easy for users, and quick and easy for administrators.

The three different stages in the lifecycle:

   
1. Initial roll-out of a tokens to new user
   
2. Replacement of a token to an existing user who has lost/broken their token or the token has become faulty
   
3. Replacement of a token when it is due to expire

Signify offers two forms of provisioning, for each of these stages:

  • Local Provisioning: Signify ships a batch of tokens to the customer, and the customer's administrator then hands the tokens out to each user.  Local provisioning is ideal if all (or most) of the users are in the same building as the administrator.
     
  • Signify Provisioning: Signify holds tokens on behalf of the customer, then for each token required ships the token directly to the end user. This saves administrators the hassle of finding tokens and dealing with packaging and postage.  Signify provides SLAs for how quickly it sends the replacement token out.  Tokens are shipped using a next-day guaranteed (except for certain countries) and insured delivery service. Signify provisioning is ideal for rolling out new users who are based remotely, at many different sites or located at a customer or supplier, but is less cost-effective if rolling out lots of tokens in one location at the same time.  It is  also ideal for replacing tokens that are lost or broken since Signify will respond and deploy a replacement token to an end user quickly and smoothly, without any disruption to an internal IT team.

Generally customers choose the following combination of provisioning options:

  • New users: Local provisioning
  • Lost, broken or faulty tokens: Signify provisioning for replacement of the token
  • Expiring tokens: Signify provisioning

However this combination can be varied over time as different deployment scenarios arise for the customer.

Details of provisioning for each stage

1. Initial roll-out of a tokens to new users

  • Local provisioning.  (Default option included in Signify quotes). The customer simply orders the number of tokens and user services they require, and Signify ships this number of tokens to the customer.  The customer uses the easy to use Identity Management Centre (IMC) web portal to create users and allocate tokens. The customer then physically distribute the tokens to the users themselves, usually by hand.
     
  • Signify provisioning (extra cost option).  The customer orders the number of tokens and user services they expect to roll out within the next few weeks and pay the appropriate shipping costs.  Signify create a "Token Pool" exclusively for the customer and put the number of tokens ordered in it.  Using the IMC, the customer can see exactly how many tokens they have in the pool, so when they wish to roll out a new user, they simply create the user on the IMC and enter their appropriate address details. Signify then ships the token, using a next day delivery service, directly to the end user at the address specified.

2. Replacement of a token to a user who has lost or brokentheir token, or their token has become faulty

  • Signify provisioning (default option):  When a token that is allocated to a user is logged as lost, broken, or faulty using Signify’s web helpdesk a replacement token is automatically requested. The request needs approval from the customer's administrators who receive notification by email (this can optionally be set to automatically be approved to speed up the process).  Once approved, Signify ship a replacement token directly to the user at the requested address.  This means that the customer's administrators maintain control of the process, but do not have to physically do anything, and end users enjoy a prompt and uninterrupted service.
 

Tokens getting packed

  • For lost/broken tokens: The customer is charged for any replacement tokens sent out and their associated shipping costs just once per year, normally at their next renewal, which saves them receiving lots of small invoices throughout the year.
     
  • For faulty tokens: So long as the user has returned the token to Signify (a return envelope is supplied with the replacement token) and the token is verified as a warranty failure, then there is no charge for the replacement token or shipping.  A faulty token that is not returned to Signify, or is found to have failed through physical damage will be charged at the next renewal.
  • Local provisioning: If a customer wishes to replace tokens themselves, then this can be set as an option on the service.  The customer simply buys a number of spare tokens, maintains a stock of them. In this scenario, the customer is responsible for sending out the replacement tokens to users.

Once a token has been registered as lost/broken/faulty on the web helpdesk users (dependent upon the customer's configured security policy) have the option of enabling Emergency Access which enables them to keep working while they wait for their replacement token.  Token replacement provisioning combined with emergency access gives end users the best user-experience possible - keeping them working, and then getting them back to normal with a full token as quickly as possible.

3. Replacement of a token when it is due to expire

RSA SecurID tokens typically last for either 3 or 5 years from manufacture.  They are completely sealed devices, with a battery permanently sealed inside.  They are programmed to expire before the power of the battery reduces to a point where they may become unreliable.  The date upon which each token will expire is stamped on the back of each token.

To ensure a good experience for users, a well managed replacement process for expiring tokens is important. Signify has a well defined and automated process that makes the replacement of them a hassle-free process for end users and administrators, whilst allowing the administrators to stay fully in control with visibility of the process.  Signify's IMC web portal provides management of the whole process, ensuring that the correct tokens are replaced and shipped to the right people at the right location before the user's old token stops working.  The IMC makes it easy for the customer administrator to see where each user's token is in the process, without the need to send e-mails themselves.

The customer has two choices as to the final provisioning of the tokens to end users, which is decide at the renewal prior to the tokens expiring:

  • Signify provisioning: (Default option).  The customer receives a statement at the renewal prior to the expiry date of the tokens which outlines the total cost, including shipping, of replacing all the tokens expiring during this period.  The whole replacement process is then managed by the IMC, which communicates to administrators (who can control which tokens will be replaced) and end users throughout the process.  Customer administrators only need to handle tokens where end users did not confirm where they wanted their replacement tokens sent.
 

Tokens ready for dispatch

  • Local provisioning: If a customer would like to hand out the replacement tokens themselves, they should let their Account Manager know at the renewal before the tokens expiry. This will reduce the shipping costs on that renewal.  When this provisioning is chosen, partway through the expiring token replacement process, Signify will ship the replacement tokens in one batch to the customer administrator, so that they can carry out the final step of actually sending the replacement tokens to the end user.