000020864 - What is the range of tokencodes accepted by RSA ACE/Server or RSA Authentication Manager?

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000020864
Applies ToRSA Authentication Manager
RSA ACE/Server
Microsoft Windows
UNIX
Token synchronization
IssueWhat is the range of tokencodes accepted by RSA ACE/Server or RSA Authentication Manager?
What are RSA SecurID token sync ranges?
What is the range of tokencodes accepted by RSA ACE/Server or RSA Authentication Manager?
What is the maximum resynchronization range?
ResolutionToken resynchronization ranges are as follows:
Standard Token:
        Automatic acceptance range                                             ? 1 interval (3 codes)
        Acceptance with Next Tokencode                                     ? 3 intervals (7 codes)
        Maximum limit (after 3 failures and Next Tokencode)        ? 10 intervals (21 codes)
PINpad Token:
        Automatic acceptance range                                             ? 2 interval (5 codes)
        Acceptance with Next Tokencode                                     ? 4 intervals (9 codes)
        Maximum limit (after 3 failures and Next Tokencode)        ? 10 intervals (21 codes)
Software Token:
        Automatic acceptance range                                              ? 10 interval (21 codes)
        Acceptance with Next Tokencode                                      ? 12 intervals (25 codes)
        Maximum limit (after 3 failures* and Next Tokencode)       ? 70 intervals (141 codes)
Administrative resync range (all tokens):                                   ? 12 hours (1441 codes)
* 3 failures is a default setting in an SDCONF.REC, and this single value is configurable (see administration documentation for more details)

Automatic acceptance range: A token within this range will give a Tokencode accepted as a standard authentication from an end user.
Acceptance with Next Tokencode: A token outside of the above range but within this range has a larger window where the first Tokencode is within the window and the end user is prompted for Next Tokencode during authentication.
Maximum limit range: A much larger window where the user will fail the authentication attempt and will continue to fail for three times. After this, they may type in a Tokencode within this range followed by the Next Tokencode.
Admin resync: This is the range where the administrator can use the resynchronization option in the display about the token in the ACE/Server administration menu.
First Use of Token (newly assigned token and New PIN mode): The first authentication attempt (where the user goes through the New PIN dialog) will use the Maximum limit range, since a subsequent complete authentication is then required anyway.
NOTE: The details above show fixed values - these token ranges are not configurable.
Legacy Article IDa19272

Attachments

    Outcomes