Can a RSA SecureID user can be a member of 2 different groups while using one token? Or is two tokens absolutely required?
Not sure which groups you are referring to, but if agents are not restricted (by group) any user with a token can typically authenticate against any agent.
If the agent has a challenge group, either local or AD/LDAP, and the users is to be challenged that user must logon with a Passcode
And if the users is in dozens or hundreds of AD/LDAP groups, when that user attempts to logon to a protected Windows agent, RSA will do a getGroups for that user and compare to the Challenge group, which all works fine unless the group or user is from another AD forest, then results can be unpredictable
Retrieving data ...