UW Digital ID (One-Time Password) - Locked / Disabled OTP Token

This document summarizes the process to unlock / enable a locked OTP device.

Locked / Disabled OTP Token

An OTP token can be disabled if the customer has incorrectly tried to authenticate with their OTP token ten (10) times. If this is the case, you will typically see the following message when you try to authenticate with your OTP token:

Operation not allowed in current state of credential.

To unlock and reenable your OTP token, you will need to visit a Local Registration Authority (LRA) to get credentialed and unlock your OTP token. Please refer to this KB document for credentialing instructions and where to find your LRA: 33434

While your regular OTP token will not work, you can still request a contingency code. Please refer to this KB for requesting contingency codes: 32898

LRA Instructions

  1. Navigate to https://uwdigitalid.wisconsin.edu and log in with your institutional credentials.

    If you experience problems logging into this page, please refer to the following KB document: 13942

  2. When prompted to, enter your OTP code to finish logging in.

  3. Search for the customer's request by entering the customer's name into the Name field and selecting the "Completed" status.

  4. Select the customer's OTP request.

  5. Credential the customer as described in this KB document: 68615

  6. Click Unlock Device in the Available Actions panel.

  7. Generate an OTP code on the device.

    • Hardware Token (Key Fob): Press the gray button on the token.

    • Software Token (Smartphone App): Open the application on the phone and you should see the OTP code on the screen.

  8. Enter the six-digit one-time password into the One Time Password box.

  9. Enter the code generated by the token Click Unlock.

  10. Once you see Device has been unlocked!, the customer can once again use the OTP token to authenticate to protected systems.