Offline days and Windows 10
I am encountering a problem when a SecurID token is moved to a new mobile device the user cannot use the new token when authenticating offline to Windows 10. They have to use the old device to authenticate offline. The binding ID was switched to the new device ID on their account. When they are connected to the LAN and can reach the RSA server they have to use the new device.
I was able to work around this by removing the MFA software, reinstalling it, and having the user authenticate with the new device. Of course, this isn't optimal but it was all I could figure out to try.
I had the user refresh their offline days when they authenticated with the new device's SecurID but that had no effect when offline either.
It would seem that even if you just update the binding ID of the account with the new one from the device that doesn't let the previously cached offline days work. So my only thought is I have to clear those offline days from the system. How do you do that or is there a better way to do a transfer of a SecurID token from one device to another?