Uninstall and reinstall the agent

When you uninstall an RSA SecurID or On-Prem MFA agent, or reinstall an On-Prem MFA agent, you must decide whether you also want to remove the old Okta API token from your system. If you're performing an upgrade, you aren't required to do so. To remove the API token, you must delete the Okta RSA SecurID Agent or On-Prem MFA Agent folder. Then deactivate and remove your old RSA SecurID or On-Prem MFA app in Okta.

To avoid downtime, you should have at least two agents running before you uninstall. See Configuring High Availability.

Uninstall the agent

  1. On your Windows desktop, select Start > Control Panel > Programs > Programs and Features.
  2. Select the appropriate agent, and then select Uninstall.
  3. In the Admin Console, go to Security > Authenticators.

  4. Click Deactivate for the RSA SecurID or On-Prem MFA agent you want to deactivate and then click the Delete button to remove it from your org.
  5. Uninstalling your On-Prem MFA agent leaves the agent configuration data on your hard drive. To remove the configuration data, go to \Program Files (x86)\Okta and delete the Okta RSA SecurID Agent or On-Prem MFA folder. Deleting this folder removes the agent configuration data, API token, and all log files from your hard drive. The API token for the server is still valid in Okta, so it's important to remove the configuration data. See API Tokens for more information.
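
The following PowerShell script is an added example, not part of Okta's documentation or tooling. It checks a server for agent data left behind after the uninstall steps above and removes it only when asked to. It assumes 64-bit Windows, the default install root under Program Files (x86), and agent folder and program names that match the wildcard patterns shown; adjust them to what is actually on your server.

```powershell
# Added example: audit a server for On-Prem MFA / RSA SecurID agent data left after uninstall.
# Assumptions: 64-bit Windows, default install root, names matched by the wildcards below.
[CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
param(
    [string]$OktaRoot = (Join-Path ${env:ProgramFiles(x86)} 'Okta'),
    [string[]]$Patterns = @('*RSA SecurID*', '*On-Prem MFA*'),
    [switch]$Remove
)

# 1. Refuse to touch anything while an agent is still registered as an installed program.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $name = $_.DisplayName; $name -and ($Patterns | Where-Object { $name -like $_ }) }
if ($installed) {
    Write-Warning "Agent still installed: $($installed.DisplayName -join ', '). Uninstall it first."
    return
}

# 2. Look for leftover agent folders under the Okta install root.
if (-not (Test-Path -LiteralPath $OktaRoot)) {
    Write-Output "No Okta folder found at $OktaRoot."
    return
}
$leftovers = Get-ChildItem -LiteralPath $OktaRoot -Directory |
    Where-Object { $dir = $_.Name; $Patterns | Where-Object { $dir -like $_ } }
if (-not $leftovers) {
    Write-Output "No agent folders remain under $OktaRoot."
    return
}

# 3. Report each leftover folder; delete only with -Remove and explicit confirmation.
foreach ($dir in $leftovers) {
    $files = @(Get-ChildItem -LiteralPath $dir.FullName -Recurse -File -Force -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        Folder    = $dir.FullName
        FileCount = $files.Count
        LastWrite = ($files | Sort-Object LastWriteTime | Select-Object -Last 1).LastWriteTime
    }
    if ($Remove -and $PSCmdlet.ShouldProcess($dir.FullName, 'Delete agent configuration, API token and logs')) {
        Remove-Item -LiteralPath $dir.FullName -Recurse -Force
    }
}
```

Run it from an elevated prompt without `-Remove` to get a report only. Deleting the folder removes the local copy of the token; the token itself stays valid in Okta until it is removed there.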

Reinstall the agent

Installing the agent doesn't overwrite the configuration data in the On-Prem MFA Agent folders. If you want to reinstall and create an API token, make sure you uninstall the On-Prem MFA Agent first. Then perform the following steps to reinstall the agent, and then deactivate and remove the old one in Okta:

  1. Perform the procedure described in Install the On-Prem MFA Agent.
  2. From your Administrator Dashboard, select Security > Authenticators and then click Actions > Edit on either the RSA SecurID or On-Prem MFA authenticator.
  3. Under Agents, there's a list of your agents. Confirm that your reinstalled agent is connected to Okta and appears in the list. Always make sure to have at least one of the agents online.

    If you're performing an upgrade or reinstallation and don't want to revoke the Okta API token of the old agent, you're finished. Otherwise, proceed to the next step.

  4. Under Agents, click the Deactivate button for the agent you want to deactivate, then test your system to ensure that it's working properly.
  5. Select Security > API, and then click the trash can icon next to the appropriate agent token. See API Tokens for more information.
  6. Select Security > Authenticators.
  7. For either the RSA SecurID or On-Prem MFA authenticator, select Actions > Delete.