- Log in to the Management Portal as an administrator.
- Under "Token Deployment System" select "Configuration". On the "Software Tokens" tab, confirm which AD groups have been assigned permission to request the specific token type(s).
- Then from Active Directory Users and Computers, confirm the user is a member of the respective group.
Only users who are members of the group(s) specified may request a software token.
For more information on configuring the Management Portal, please refer to the Defender Administration Guide, Configuring self-service for users