One method is to use the RSA Authentication Manager to generate CT-KIP URLs which can be sent to the end-users. You can read more about this from the RSA iPhone page after downloading the documentation and device definition file.
My preference is to use the Compressed Token Format (CTF) which will compress a .sdtid soft token file into an 81-digit string.
I don't want there to be any confusion about the intent of this post – I'm demonstrating one possible way to install a token on your device without involving an administrator. In most cases your ACE administrator will probably be willing to assist you with the installation of a token, and none of this will be necessary.
Preparing the Token
You can use the Token Converter application from RSA, or the web-based token converter on my projects page. Paste the contents of your .sdtid file into the form, supply your password if it requires one and create the CTF link.
Distributing the CTF SecurID Token
You can email links to the CTF token file or link to an HTML page containing the link. Both work, although the current version (1.0.5) of the RSA SecurID iPhone Application is overly sensitive to malformed links. Sending an HTML email from Outlook will generate a malformed link, but as Phil noted in the comments composing a message in RTF format containing the link will work.
If you are going to email the link make sure that it doesn't append the extra trailing slash after ctf. Do not use Outlook to send the email in HTML format as it always appends the extra slash – compose a RTF message instead.
You may need to change your Outlook options to retain RTF emails when sending to internet recipients. In Outlook open Options > Mail Format > Internet Format. Under "When sending Outlook Rich Text messages to Internet recipients, use this format:" change the option to "Send using Outlook Rich Text format".
Emailing the CTF Link
For iPhone users running OS 2.x you can compose a plain text message with the CTF link (com.rsa.securid.iphone://ctf?ctfData=<token>) between angle brackets.
This will only work with OS 2.x, and not with the GM release of OS 3.0.
For all users running OS 2.x and OS 3.x you can send an HTML-formatted email with a hyperlink to the CTF URL, like Click here to install Token. As mentioned above this will NOT work with Outlook, which adds an extra forward slash that the SecurID application cannot understand.
Linking to a page containing a CTF Link
The third option is to use Mobile Safari to open a web page containing a hyperlink to the CTF URL. You can put this page somewhere on your own servers, or use my RSA CTF Hyperlink Generator to dynamically build these links. Opening
http://coreygilmore.com/rsa/<CTF> will automatically display an iPhone-ready hyperlink to install the token. View a sample page.
- RSA Token Converter – generate CTF links offline.
- Web-based token converter – generate CTF links from a webpage.
- RSA iPhone Resources page – Documentation and technical specs for the app and support utilities.
- RSA iPhone SecurID Application for the iPhone – iTunes link to the soft token application.
- CTF Hyperlink Generator – Dynamically generate a webpage with CTF links, viewable from Mobile Safari.
- Cisco VPN Connections from an iPhone – How to create an IPSEC VPN connection on the iPhone.
Updated 6/18/09: Added information about composing Outlook RTF emails to successfully send token installation links, brief clarification about the intent of this post.