A recent event at our office reminded me of the value of a documented workflow process for AuthAnvil administrators. In this particular case, a defined workflow for access to AuthAnvil in case of emergency saved my butt, and I wanted to share this as a best practice with you.
Let me set the stage. In our office, I am the only day-to-day site administrator for the corporate AuthAnvil server. I use an AuthAnvil SoftToken on my iPhone 4 smartphone, and have AuthAnvil site admin privs for the corp network, the QA network and the primary lab network. Without my token, even I cannot log into any of these networks. We enforce strong authentication on all entry points, including VPN, RWW and Citrix. And even when inside the network, we enforce strong authentication on servers and workstations.
So I was in an interesting predicament when I no longer had access to my SoftToken. I had dropped my iPhone and cracked the screen really bad, and had to take it back to the local Apple store. They replaced my phone, completely wiping it and reloading my backup... which does NOT include the keys to the AuthAnvil SoftToken (by design). So I was now without a token to log into AuthAnvil or any of our corporate resources!
Never fear though... I was safe. At Scorpion Software, we have an emergency DR strategy to deal with this. I could have used the AuthAnvil Override password to the main server and then used the AuthAnvil Configuration Wizard... simply deleting my account, recreating it and pushing a new self-enrollment request to my phone. The drawback to this approach is that I would have lost access to all the groups I belonged to, and I would have had to manually re-associate them. That is prone to time delays and problems, as I would have to look through the change mamangement logs and make sure the account was properly setup again.
What I did instead was to follow a documented method we have in-house that addresses this. About two years ago I had created an AuthAnvil Site Administrator named "AAAdmin", and issued the account a hardware token. This token was placed in a sealed envelope that was put in our safe with instructions that only myself, or a member of our corporate board of directors, could open it. Today was a day to do just that. By simply accessing the safe to grab the token, I could log into the AuthAnvil Manager and reassign a new SoftToken to my own account. There was no interruption in service and the security posture of my account was never compromised. After use, the hardware token was placed in a new envelope, sealed and signed, and then put back in the safe for use again years from now if and when something does go wrong and I need access like this again.
So in summary, today's best practice is to consider creating an emergency site administrator called AAAdmin and assigning a spare hardware token to that user. Store it safely in a sealed envelope with specific instructions on who is authorized to open it, and leave it somewhere accessible in case of emergency. If possible, consider storing this offsite in a safe or safety deposit box for added protection. Then store the PIN in another sealed envelope in in a different location, with the same instructions. This way, in the most dire of situations, you or some you have delegated can always get access to AuthAnvil in case of emergency.