One-time password (OTP) tokens can fall out of sync with the server, causing logins to fail.

For event/counter-based OTP tokens, the most common cause of a token going out of sync is that the user has generated too many dynamic passwords on the token device without using them.

For time-based OTP tokens, clock drift in the token device can cause a token to be out of sync with the server.

In DualShield you can pre-set a window in which tokens can be automatically synchronised by the server. However, when the counter (or the clock) in a token has drifted outside the pre-set window, the token has to be manually synchronised by the user (or the system administrator).

The preset window values are configurable in the token’s policy settings.

Synchronising Tokens

To synchronise a token, left-click the context menu of the token to be synchronised, then select "Synchronise".

A window titled "Synchronise" will now open.

Depending on the token’s policy settings, you will need to generate two or more OTPs from the token and enter them at the prompts "OTP 1:", "OTP 2:".

Optionally, at the prompt "Search Scope:", enter a value that will allow a wider search (overwriting the token’s synchronisation policy setting: "Maximum steps/time windows in manual synchronisation").

When you have completed entering OTP details click "Synchronise" to synchronise the selected token.
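The automatic window and the manual synchronisation described above, sketched for a counter-based token as an added example (not DualShield's own code). It assumes standard RFC 4226 HOTP with SHA-1 and 6 digits; the names `auto_window` and `search_scope` are hypothetical stand-ins for the policy settings, and the secret is the RFC 4226 test key.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value for one counter step."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify(secret, server_counter, otp, auto_window):
    """Normal login: accept the OTP only inside the automatic window.
    Returns the new server counter, or None if the token is out of sync."""
    for c in range(server_counter, server_counter + auto_window + 1):
        if hmac.compare_digest(hotp(secret, c), otp):
            return c + 1  # a used counter value is never accepted again
    return None

def manual_resync(secret, server_counter, otp1, otp2, search_scope):
    """Manual synchronisation: search a wider range, but require two
    consecutive OTPs so one lucky guess cannot move the counter."""
    for c in range(server_counter, server_counter + search_scope + 1):
        if (hmac.compare_digest(hotp(secret, c), otp1)
                and hmac.compare_digest(hotp(secret, c + 1), otp2)):
            return c + 2  # counter continues after the second OTP
    return None

if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 4226 test key (constructed input)
    server_counter = 0
    token_counter = 7                 # user generated 7 unused passwords
    otp1 = hotp(secret, token_counter)
    otp2 = hotp(secret, token_counter + 1)

    # Outside the automatic window of 3 steps: login is rejected.
    print("login:", verify(secret, server_counter, otp1, auto_window=3))

    # Manual synchronisation with a search scope of 8 steps succeeds.
    server_counter = manual_resync(secret, server_counter, otp1, otp2, 8)
    print("counter after resync:", server_counter)

    # The next OTP from the token now verifies inside the normal window.
    print("login:", verify(secret, server_counter, hotp(secret, 9), 3))
```

Requiring consecutive OTPs matters because widening the search range also widens the set of values a guessed code could match; a guessed pair has to match two adjacent counter steps.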

 
If the synchronisation succeeded, you will be presented with a success message; otherwise, if the synchronisation failed, you will see a popup window reporting the failure.

Token synchronisation may also be performed by the users themselves, using the "Synchronise" feature found in the "My Tokens" section of the Self-Service Console.
