Uninstalling and reinstalling the agent
When you uninstall a RSA SecurID or On-Prem MFA agent, or reinstall a On-Prem MFA agent, you must decide whether or not you also want to remove the old Okta API token from your system. If you are performing an upgrade, you are not required to do so. To remove the API token, you must delete the Okta RSA SecurID Agent or On-Prem MFA Agent folder, and deactivate and remove your old RSA SecurID / On-Prem MFA app in Okta.
To avoid downtime, you should have at least two agents running before you uninstall. See Configuring High Availability.
To uninstall your agent:
- On your Windows desktop, select Start > Control Panel > Programs > Programs and Features.
- Select the appropriate agent, and then select Uninstall.
- From your Administrator Dashboard, select Security > Multifactor > RSA SecurID / On-Prem MFA.
- Click the Deactivate button for the agent you want to deactivate and then click the Delete button to remove it from your system.
- Uninstalling your On-Prem MFA agent leaves the agent configuration data on your hard drive. To remove the configuration data, navigate to >\Program Files (x86)\Okta> and delete the Okta RSA SecurID Agent or On-Prem MFA folder. Deleting this folder removes the agent configuration data, API token, and all log files from your hard drive. The API token for the server is still valid in Okta so it is important to remove the configuration data. See API Tokens for more information.
Installing the agent does not overwrite the configuration data in the On-Prem MFA Agent folders. If you want to reinstall and create a new API token, make sure you uninstall the On-Prem MFA Agent , (as described above) before you reinstall the agent. Then perform the following steps to reinstall your agent, then deactivate and remove the old one in Okta:
- Perform the procedure described in Installing the On-Prem MFA Agent as described in Install the agent.
- From your Administrator Dashboard, select Security > Authenticators and then click Actions > Edit on either the RSA SecurID or On-Prem MFA authenticator.
- Under Agents, there is a list of your agents. Confirm that your reinstalled agent is connected to Okta and appears in the list. You should always make sure to have at least one of the agents online.
If you are performing an upgrade or reinstallation and do not wish to revoke the Okta API token of the old agent, you are finished. Otherwise, proceed to the next step.
- Under Agents, click the Deactivate button for the agent you want to deactivate, then test your system to ensure that it is working properly.
- Select Security > API, and then click the trash can icon next to the appropriate agent token. See API Tokens for more information.
- Select Security > Authenticators.
- For either the RSA SecurID / On-Prem MFA authenticator select Actions > Delete.