Can RSA SecurID tokens exist in more than one RSA Authentication Manager deployment?
Originally Published: 2019-09-13
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.4.0
Issue
Resolution
- Hardware token seed records existing in multiple Authentication Manager deployments put each Authentication Manager deployment at risk. Each Authentication Manager deployment where the token record has been imported knows the same token code being displayed on the token and this could lead to compromising each Authentication Manager deployment.
- PIN management for the token may be confusing for the end user as the end user would have to ensure they create and use the same PIN for the different Authentication Manager deployments.
- RSA Authentication Manager is a time synchronous solution and the token records have a clock offset value to ensure the end user can always authenticate in an Authentication Manager deployment. Should the same token exist in another Authentication Manager deployment, there is no guarantee this token record in the other Authentication Manager deployment will have the same clock offset value and there is a likelihood that the token will authenticate in one Authentication Manager deployment but not the other or vice versa.
Related Articles
Security Domains Number of Views Delete a Trusted Realm Number of Views Enable a Trusted Realm Number of Views Add a Security Domain Number of Views RSA SecurID Tokens Number of Views
Trending Articles
RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process Downloading RSA Authentication Manager license files or RSA Software token seed records When configuring LDAP or LDAPS in RSA Authentication Manager with a global catalog the connection fails
Don't see what you're looking for?
