CARD RECON 2.0.25
Generating and Using Scan Tokens
SCAN TOKENS are easy-to-remember passphrases that can be distributed to authorised users.
They can be used in place of a Ground Labs Services Portal user name and password for authenticating a user on CARD RECON. This is useful when a user needs permission to run scans on a TARGET without having access to Ground Labs Services Portal user credentials.
You can manage and generate SCAN TOKENS at the Ground Labs Services Portal. Look for the "Scan Tokens" section on the dashboard.
This allows users other than the owner of the Ground Labs Services Portal account to (among other things):
- Assign licenses to TARGETS.
- Scan targets.
- Access CARD RECON to create, modify, and save CARD RECON configuration files for use on another host. For details, see Save and Load Options.
Generating Scan Tokens
Generate SCAN TOKENS at the Ground Labs Services Portal dashboard.
Look for the "Scan Tokens" panel, and click “add new scan token”.
Clicking on "add new scan token" will bring up its dialog window.
You will be asked to select your "License source" and the number of uses for your token.
Select the appropriate license source for the SCAN TOKEN that you are generating, and click Create.
Identifying Scan Tokens
Comments can be added to your SCAN TOKEN to help you keep track of your TOKENS in the "Comment" input box.
Comments can be used to help document:
- SCAN TOKEN allocation: If you have multiple workstation groups with different administrators, each administrator can be given a SCAN TOKEN with a license pool that they can draw from to assign to workstations in the group.
- License allocation: When allocated, the "Scan Tokens" section on the Ground Labs Services Portal only carries the SCAN TOKEN itself, the number of activations the SCAN TOKEN carries, its creation and expiry dates. It does not carry details on the licenses it is associated with.
Using and Activating Scan Tokens
A SCAN TOKEN has a "license source" it is attached to.
A "license source" is the pool of licenses that the SCAN TOKEN can draw from when assigning licenses to new TARGETS.
A SCAN TOKEN can be used to log into an instance of CARD RECON without assigning a license to the host.
When attempting to scan a new TARGET while logged into CARD RECON using a SCAN TOKEN, CARD RECON will draw from the "license source" that is attached to the SCAN TOKEN it is using to assign the a license to the new TARGET.
SCAN TOKENS are not "activated" when used to log into CARD RECON.
They are "activated" when, after logging into CARD RECON, a license that is attached to the SCAN TOKEN is assigned to a new TARGET.
If no licenses attached to the SCAN TOKEN are assigned to any TARGETS, then no activations are used.
This means a SCAN TOKEN can be used to assign licenses to new TARGETS as long as there are "activations" available.
If there are no more "activations" for the SCAN TOKEN, it can still be used to log into an instance of CARD RECON, but cannot be used to assign licenses to new TARGETS, or scan TARGETS that do not come under the licenses that are attached to it.
SCAN TOKEN A is used to log into CARD RECON on host B, that contains TARGET B (local storage). No licenses are assigned yet, hence SCAN TOKEN A still has 0/1 activations used.
While logged in with SCAN TOKEN A, CARD RECON runs a scan on TARGET B. A license is then assigned to TARGET B from SCAN TOKEN A’s "license source". 1 license is assigned; SCAN TOKEN A now has 1/1 activations used.
SCAN TOKEN A can still be used to log into CARD RECON.
But when that login instance is used to attempt a scan on TARGET CARD RECON returns an "Insufficient available licenses" error.
This happens even if there are licenses available for assignment in your Ground Labs Services Portal account , but there are no more "activations" available for your SCAN TOKEN.
Single or Multiple-use Scan Tokens
When generating a SCAN TOKEN, you are asked if the TOKEN should be a “Single use token” or otherwise.
- "Single use token": A "Single use token" is a SCAN TOKEN that can be used to activate or assign one license to a TARGET.
- Multiple-use: If you choose to generate a multiple-use SCAN TOKEN, you can select the number of activations that the SCAN TOKEN can be used for.
That SCAN TOKEN can be used to activate or assign licenses to TARGETS as long as there are activations left on the SCAN TOKEN.
You can generate as many SCAN TOKENS as you need as long as you have licenses available for assignment in your Ground Labs Services Portal account.
If you have assigned all your licenses to TARGETS, you will not be able to generate any more SCAN TOKENS.