SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.

How to create a report with users with Next Tokecode mode

I am looking to create a report with users that did not authenticated past certain timeframe, let's say three months but I realized the report doesn't include users that are at "Next Tokencode" mode. How can I either fix the report to include those user or just report separately only the user with the "Next Tokencode" mode?



Labels (1)
1 Reply
Employee (Retired) Employee (Retired)
Employee (Retired)

Chris Pissouriou‌,


There is not an out of the box report template that shows users with tokens that are in next tokencode mode.


As an alternative, you can SSH to your primary and run the rsautil named sync-tokens.  The output of this command will provide a list of tokens in next tokencode mode.  Note that the -I switch in the command is an uppercase i.  Press Enter to select the default options in parentheses below:

login as: rsaadmin
Using keyboard-interactive authentication.
Password: <enter OS user password>
Last login: Tue Sep 13 14:42:46 2016 from jumphost.vcloud.local
RSA Authentication Manager Installation Directory: /opt/rsa/am
rsaadmin@am81p:~> cd /opt/rsa/am/utils
rsaadmin@am81p:/opt/rsa/am/utils> ./rsautil sync-tokens -I

Authenticator Bulk Synchronization Utility (1384830)
Copyright (C) 1994 - 2014 EMC Corporation. All Rights Reserved.

Enter the absolute path for the output report file : <define the file path and file name, such as /tmp/ntc.csv>
Enter the base security domain name for recursive search [(none)]: <press Enter>
Enter the type of token selection [ (all) | file ]: <press Enter>
Choose a token filter [ assigned | unassigned | (both) ]: <press Enter>
What action do you wish to perform? [ (list) | modify ]: <press Enter>
Enter administrator user ID : <enter the user ID of a super admin user>
Enter administrative password : <enter the password for the super admin user>


Authenticator Bulk Synchronization Utility (1384830)
Copyright (C) 1994 - 2014 EMC Corporation. All Rights Reserved.

Started job on Fri Sep 16 15:35:56 EDT 2016 with ID = ims.ae00d5d51e02a8c018c9b965cc3079db

When done, use WinSCP or FileZilla to copy the file to your local machine for review.


The following data is in the report:

  • Token Serial Number
  • Clock Offset
  • Next Tokencode Mode Status
  • Last Login Date/Time
  • Principal Lockout Status
  • Security Domain
  • Expiration Date Database
  • Expiration Date Security Block


The value for Next Tokencode Mode status will be listed as true or false.


Please let me know if you have further questions.