RSA Product Set: SecurID
RSA Product Version: AM 8.x
Authentication using hardware tokens in CyberArk fails, and the Authentication Activity Monitor logs the error: "Bad tokencode but good PIN." This occurs even when the passcode is valid.
However, testing authentication with the same token and credentials is successful through the Self-Service Console.
The failure occurs because the hardware token generates a passcode that combines a 4-digit PIN with a 6-digit tokencode, resulting in a 10-digit passcode. CyberArk does not accept passcodes of this length, leading to the "Bad tokencode but good PIN" error during authentication.
As a workaround, disable the PIN requirement for the affected hardware tokens as outlined in this article Allow a User to Authenticate Without an RSA SecurID PIN.
Alternatively, contact CyberArk Support for further assistance.
Related Articles
Cloud Administration Delete Hardware Token API Number of Views What does the small 3 above the blinking diamond on the RSA SecurID hardware token display indicate? Number of Views RSA Hardware Authenticators Number of Views Assign Hardware Tokens to Multiple Users Number of Views Assign a Hardware Token to a User in the User Dashboard Number of Views
Trending Articles
RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide RSA Release Notes for RSA Authentication Manager 8.8 Troubleshooting RSA MFA Agent for Microsoft Windows How to download and install the AFX Server Archive in RSA Identity Governance & Lifecycle The Template ({Connector Template Name}) has missing file content error when creating AFX Connectors in RSA Identity Gover…
