How do I assign a HardToken to a 2FA user?