SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.

Actual value decreasing

hello Team,


when i first imported tokens to new system Actual value for the same was 1110 but now it has come to 1103.  

what can be the reason behind the decreased value of users with assigned authenticators' Actual value.



Labels (1)
3 Replies
Apprised Contributor Apprised Contributor
Apprised Contributor

Where in the Security Console are you seeing these numbers?

Did the token import file contain 1110 tokens?


on the license status page.

i imported the tokens in batches so it grew to 1110.


yesterday i compared the recent list and for 3 i was not able to find in user search itself so maybe they have left the company thats how the count is decreasing?


also if i am deleting expired tokens , will the license denominator decrease in number?

Apprised Contributor Apprised Contributor
Apprised Contributor

If you look at the following KB 

You can get an understanding of how RSA calculates the license count *

So if your Security Console - Setup - Licenses - Status at one point showed 1110 count, then at a later point in time showed 1103, that indicates 7 users changed their status, e.g. had their token, fixed passcode or RBA un-assigned.  What many sites configure is a Clean-up job


To find users who were in Active Directory or an LDAP identity source, who had a token assigned, but they no longer are in LDAP or AD, probably because they are no longer employees.  The Clean-up job looks at users no longer in AD and unassigns their tokens, freeing up the token to be used by someone else, and lowering the active user count.


An expired token can still count against the active User Limit count if it is assigned to a user.  I think you have to unassign the expired token before you can delete it, so if you did unassign, that could have lowered the license count.


RSA sells two things for use with Authentication Manager:

  • Active user license limits through a product license, and
  • Tokens, which can include hardware tokens, software tokens, on-demand authenticators (ODA) and/or and fixed passcodes.

Note the following about tokens and active users:

  • Any user with at least one of the above token authenticators assigned to them counts as one user against the active user limit, as defined in the software license.  This includes expired tokens assigned to any user, including LDAP external identity source users who have been removed or disabled in Active Directory.  Run a clean up job to determine which tokens can be unassigned free up your active user count.
  • A single user with two or more tokens of any type and a fixed passcode only counts as a single active user.
  • A single user with ODA enabled counts as an ODA user and an active user.