Requesting factory-set seeds for Token2 hardware tokens

Who is authorized to request the seeds

The seeds can be requested only by the users listed as authorized to receive the seeds. When placing the order, you can specify the additional email addresses in the "Additional info" field. If you are using purchase orders to place orders with us, the email addresses can be specified in the PO as well.

Requesting seeds

After your order has been physically delivered, you can request the seeds for the tokens in multiple formats, including an Azure MFA compatible CSV file, encrypted with a PGP or GPG public key or in a password-protected zip file.

⚠ Important: by submitting this seed request you are confirming that the physical products of your order have been successfully delivered. Requesting the seeds before the delivery is not recommended, as you will lose the possibility to get the products resent or a refund in case of a damaged product or failed delivery.

To request the seeds, navigate to your order page. The order page is a unique URL sent by Token2 several times (at least twice: when you pay for the order and when the order is shipped). Scroll down to the list of serial numbers and click the "Request Seeds" button.

This will redirect you to a pre-filled seed request form. Only the following information needs to be provided by the end user:

  • Encryption method: you can use PGP by providing your public PGP or GPG key (recommended option), or, if you are not familiar with PGP, a password-protected zip file (you are expected to enter a strong password - containing English letters and digits). Important: do not use both methods.

  • Choose the format in which you want the seeds to be sent under the "Secret Key Format" section. For Azure MFA, choose "CSV for Azure MFA..."

After completing the form, click the Send button to submit your request. This sends the request and creates a support ticket assigned to one of our technical support agents. Shortly after, you will receive an update (both via email and via our support portal) with the seeds in the requested format as attachments or as downloadable links.

Please note that this process requires manual verification, but it is usually fast if the request is received within our working hours (9AM to 6PM, CET timezone). Your email address has to be listed as authorized for the order; otherwise the request will be rejected.

Importing the seed file to Azure MFA

Follow the instructions here to complete the import process. Kindly note that you need an Azure AD Premium P1 or P2 license to be able to use this method.

Frequently asked questions

Q. How do I decrypt the PGP file?
A. Please note that we do not provide support for GPG or PGP tools or software. If you don't feel comfortable dealing with asymmetric encryption, use the password-protected zip file method instead.

Q. Why is the PGP file I was sent a zero-sized file which I cannot decrypt?
A. This usually happens when the public key submitted in the seed request form is malformed or corrupted. Recheck the public key content (make sure the '-----BEGIN PGP PUBLIC KEY BLOCK-----' and '-----END PGP PUBLIC KEY BLOCK-----' lines are present) and submit your seed request again.

Q. Why can't I unzip the zip archive sent?
A. As the request is sent to our web server, some characters (such as slashes, quotes, backticks etc.) may have been sanitized by the web security engine of the CDN we use. You can retry using letters and digits (specify a longer password to keep the security at a good level).

Q. Why is the file I received named .txt, not .csv?
A. If we keep the file with the .csv extension, it will, by default, open in Excel, which breaks the format of the file when editing. As mentioned already, please use a plain text editor (such as Notepad) to modify the contents. You can keep the extension as .txt; Azure accepts it with no issues.

Q. Why was my seed request rejected and closed?
A. This happens in the following cases:

  • Your email address is not listed as authorized for the order (it has to be listed, otherwise the request will be rejected).
  • The serial numbers of the tokens do not match the list of the serial numbers recorded. This may happen if you manually entered the serial numbers: please note that you normally should not enter the serial numbers. If you access the seed request form from your order page by using the 'Request seeds' button, the list of the serial numbers should be populated automatically.
  • The order ID is not correct or not matching: please note that you should be using the order ID (currently 4 digits), which is also called 'seed request ID'. This ID may be different from the invoice number or purchase order number. If you bought the tokens via a reseller, ask them to provide your order's seed request URL.
