Modify hardware token settings

1. Click > Policies > Authenticators. The Authenticators page appears.

2. Select Hardware Token tab. The Hardware Token settings appears.

a. Set the Max. Time Steps to the amount of time (in 30 second intervals) that the token response is valid. The default is 10 (5 minutes).

b. Set the Max. Reset Time Steps to the amount of time (in 30 second intervals) for a token reset. The default is 120 (60 minutes), which is the allowable time difference between the token and the server clocks.

For event-based tokens (HOTP tokens)

a. Set Max Event Window to the numbers of token responses that are searched to find a matching user response during authentication. The value entered must be less than the Max Reset Event Window. The value must be between 1 and 25. The default value is 10.

b. Set Max Reset Event Window to the number of token responses that are searched to find a matching user response during a token reset operation. The value must be between 1 and 100. The default value is 80.

Note: If the token reset does not work, depending on the type of token you are using, try increasing the Max. Reset Time Steps or Max. Reset Event Window and then try to reset the token again. If the problem continues, call the Entrust customer support team.

3. Click Save to confirm changes to your Hardware Token authenticator settings.

Note: To use a TokenCR (Token Challenge/Response) hardware token, you additionally need to create a custom user login authentication flow that uses Token/Challenge Response for second-factor authentication. See Create authentication flows.