First I want to thank you for reading this, I hope I'm in the right place.
We have started moving from Hard Tokens to SecurID on smart phones & as a result we are getting people to start using the SelfService Console. Previously they had no reason to use it so it was not advertised. We are an Active Directory site & the Identity Source is an AD group. The issue is that when some people attempt to log into the SelfService Console they do so using their AD username & password, others, for no reason I can see are forced to use their RSA Passcode & not their AD password. I cannot see any reason for this. We do not have multiple AD groups, nor do we have different policies. This set up is as basic as you can get.
Any ideas on where to look would help. Thank you.