Rate this Content

1 Rates
100 %

What if a user's Time-Based token is out of synchronization and the Re-sync option in SA Server/IDConfirm 1000 User Portal does not work? (For administrators)

Applies to

SA Server 4.0 and 5.2/IDConfirm 1000 using Time based IDProve tokens  All server O/S's.


With time-based IDProve (Easy v3) unconnected tokens, the time window for authenticating with OTPs is 30 seconds.   Every 30 seconds, the OTP changes.  The clock is set in the token at perso, and cannot be adjusted after that.  On the server side, SA Server must be configured with an NTP (network time protocol) server for accurate time.  Each time the token authenticates to SA Server, the server adjusts for the drift of the token.  If a token is not used often, the amount of drift can surpass the threshold of the calculation of OTP's on the server side, and the token becomes de-synchronized.  If re-sync option in the SA Server User Portal fails to re-sync the token, follow these instructions:

Log into the SA Server/IDConfirm 1000 Admin Portal.  Choose Manage Policies>View all Time Based Policies.  You should see the policy as shown below.  In the Time Based Policy Information; change the Manual Sync Window to 200, Update, then try to re-sync the tokens at issue.  After tokens are re-sync'd, change the setting back to default.  If you continue to have this issue, or have users that only authenticate occasionally, set the Authentication Window to 5, and Manual Sync Window to 100.

To top

More information

To understand the meaning of the different fields please look at this FAQ: "What are the meaning of the fields in the time-based policy"

To top

No comments
Add comment

* - required field


CAPTCHA image for SPAM prevention If you can't read the word, click here.


Latest updated pages