Registering and Issuing VASCO Hardware OATH Tokens

Owned by Phillip Hanegan
Last updated: Nov 12, 2019Version comment

When more than one factor is required for accessing resources, you can set up VASCO Hardware OATH tokens and assign them to a Person's account in EmpowerID for use when logging into EmpowerID.

When hardware tokens are purchased from a vendor such as VASCO, the vendor provides the purchaser with an XML file containing information about each token and an encrypted seed key to use.

To Import OATH Tokens into EmpowerID

  1. On the server hosting EmpowerID, log in to the EmpowerID Web application as an administrator.
  2. In the navigation sidebar, expand Other and click Things To Do.
  3. Click the Create tile, then One-Time Password Tokens, and Import Hardware Tokens to start the ImportOathTokens workflow.
  4. In the Import Oath Token form that appears, drop down Tokens File Format and select Portable Symmetric Key.
  5. In the File Location field, enter the local path to the XML file for the hardware OATH tokens.
  6. Type the encryption seed key provided by the hardware token vendor in the Encryption Key field.
  7. Click Submit.



  8. Click OK to close the Tokens imported successfully page.

To Issue a Hardware OATH Token to a Person

  1. On the server hosting EmpowerID, log into the EmpowerID Web application as an administrator.
  2. In the navigation sidebar, expand Other and click Things To Do.
  3. Click the Create tile, then One-Time Password Tokens, and Assign Token to Person to start the AssignTokenToPerson workflow.
  4. In the Select Person lookup that appears, type the EmpowerID Logon of the person to whom you want to assign the token in Search field and press ENTER or click the Search button.
  5. From the grid, click the record for the person and then click Submit.



  6. In the Available Oath Tokens page that appears, select a VASCO hardware token and click Submit.
  7. Click OK to close the Token Assigned Successfully message.

To test the OATH Token

To use multi-factor authentication with the VASCO hardware OATH token, second factor authentication must be required. Set it in the Advanced tab of the Person account, or apply a password policy that requires second factor authentication to the Person account.


  1. Log into the EmpowerID Web application using the credentials of the Person to whom you just assigned the token. 
  2. On the Enter Security Code screen that appears, type the six-digit security code generated by the VASCO hardware OATH token when you pressed the button on the token.
  3. Click Verify to continue.



  4. You are authenticated and redirected back to the Home page of the EmpowerID Web application.


On this page