What is the range of tokencodes accepted by RSA ACE/Server or RSA Authentication Manager?
Originally Published: 2003-11-03
Article Number
Applies To
RSA ACE/Server
Microsoft Windows
UNIX
Token synchronization
Issue
What are RSA SecurID token sync ranges?
What is the range of tokencodes accepted by RSA ACE/Server or RSA Authentication Manager?
What is the maximum resynchronization range?
Resolution
Standard Token:
Automatic acceptance range ? 1 interval (3 codes)
Acceptance with Next Tokencode ? 3 intervals (7 codes)
Maximum limit (after 3 failures and Next Tokencode) ? 10 intervals (21 codes)
PINpad Token:
Automatic acceptance range ? 2 interval (5 codes)
Acceptance with Next Tokencode ? 4 intervals (9 codes)
Maximum limit (after 3 failures and Next Tokencode) ? 10 intervals (21 codes)
Software Token:
Automatic acceptance range ? 10 interval (21 codes)
Acceptance with Next Tokencode ? 12 intervals (25 codes)
Maximum limit (after 3 failures* and Next Tokencode) ? 70 intervals (141 codes)
Administrative resync range (all tokens): ? 12 hours (1441 codes)
* 3 failures is a default setting in an SDCONF.REC, and this single value is configurable (see administration documentation for more details)
Automatic acceptance range: A token within this range will give a Tokencode accepted as a standard authentication from an end user.
Acceptance with Next Tokencode: A token outside of the above range but within this range has a larger window where the first Tokencode is within the window and the end user is prompted for Next Tokencode during authentication.
Maximum limit range: A much larger window where the user will fail the authentication attempt and will continue to fail for three times. After this, they may type in a Tokencode within this range followed by the Next Tokencode.
Admin resync: This is the range where the administrator can use the resynchronization option in the display about the token in the ACE/Server administration menu.
First Use of Token (newly assigned token and New PIN mode): The first authentication attempt (where the user goes through the New PIN dialog) will use the Maximum limit range, since a subsequent complete authentication is then required anyway.
NOTE: The details above show fixed values - these token ranges are not configurable.
Related Articles
What is the aveksa_watchdog service in RSA Identity Governance & Lifecycle? Number of Views RSA Governance & Lifecycle Recipes: Report - Review Results - Review Summary Info Number of Views What are the custom attribute data type limits in RSA Identity Governance & Lifecycle Number of Views Additional Apache Struts INFO level messages in WebLogic log files. Number of Views What is the Return Merchandise Authorization (RMA) process for SID800 tokens? Number of Views
Trending Articles
RSA Authentication Manager 8.9 Release Notes (January 2026) RSA announces the availability of the RSA SecurID Hardware Appliance 230 based on the Dell PowerEdge R240 Server How to troubleshoot Oracle database ORA-04030 errors in RSA Identity Governance & Lifecycle RSA Authentication Manager Upgrade Process Microsoft SQL Server Collectors can no longer connect to the SQL Server database after upgrade to Microsoft SQL Server 201…
Don't see what you're looking for?
