The purpose of the section "Synchronisation" is to provide a means to control the time synchronisation settings.

One-time password tokens can be out of sync causing failure to login.  For time based OTP tokens, time drifts in the token device can cause a token to be out of sync with the server.

In DualShield you can preset a window in which tokens can be automatically synchronised by the server.  However, when the counter or the clock in a token has drifted outside the preset window, the token has to be manually synchronised by the user or the system administrator.



This option allows the system administrator to specify the number of time windows that should be searched (both backwards and forwards) to find a matching OTP in order to automatically re-synchronise the token.


The value stored in this option specifies the default maximum time windows that the server will look forward and backward in order to manually synchronisation the token.

Manual synchronisation of a token is normally performed when a token has failed automatic synchronisation, and this option will state the number of time windows that will searched during a manual synchronisation.

If the system administrator wishes to performing a manual token synchronisation with a larger (or smaller) range of time windows, then a value will need to be supplied in field "Search Scope" (which will be used in preference to this policy setting);


This option allows the system administrator to specify the number of time windows that should be searched (both backwards and forwards) to find a matching OTP after an automatic synchronisation attempt has failed. The supplied value will therefore be higher than the value supplied for automatic synchronisation.

The purpose of this wider check for a matching OTP is to determine what type of authentication failure message to send to the user.


This option can be enabled if you want to automatically adjust for time and event drift on hardware tokens.

  • No labels