Regarding the RSA AMIS API's POST /auth function, I notice that you do not need to specify the specific token that the user is attempting to authenticate with, but only the pass code, yet a successful auth call returns the correct token serial number that the pass code was being sent from.
If a user has more than one token assigned to them, how does this call know from the back end which token the user is trying to send a pass code from?
I know that RSA generally uses a combination of different variables such as time, pin set, etc. Would the system know which token the auth call is being sent from based on a certain variable?
Hi Stephen - the backend (RSA SecurID Authentication Manager) compares the provided passcode against each of the user's assigned token(s).
Hope that helps,
Ted
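The lookup described in the reply above, sketched as an added example that is not RSA's code and not part of the original thread: the server derives the expected code for every token assigned to the user and reports the serial of the one that matches. Assumptions: an RFC 4226/6238-style HMAC code stands in for SecurID's own algorithm, PIN handling is left out, and the serials, seeds, `STEP` and `WINDOW` values are constructed.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds per code interval (assumed)
DIGITS = 6   # code length (assumed)
WINDOW = 1   # intervals of clock drift accepted on either side (assumed)


def tokencode(seed: bytes, counter: int) -> str:
    """RFC 4226 truncation, used here as a stand-in code generator."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def authenticate(tokens: dict, passcode: str, now: int):
    """Return the serial of the assigned token that produced passcode, else None."""
    counter = now // STEP
    supplied = passcode.encode()
    matched = None
    for serial, seed in tokens.items():
        for drift in range(-WINDOW, WINDOW + 1):
            expected = tokencode(seed, counter + drift).encode()
            # Constant-time compare, and no early exit, so response time
            # does not depend on which token (if any) matched.
            if hmac.compare_digest(expected, supplied) and matched is None:
                matched = serial
    return matched


# Constructed sample data: one user with two assigned tokens.
USER_TOKENS = {
    "000100000001": b"constructed-seed-A",
    "000100000002": b"constructed-seed-B",
}

if __name__ == "__main__":
    now = 1_700_000_000
    code = tokencode(USER_TOKENS["000100000002"], now // STEP)
    print(code, "->", authenticate(USER_TOKENS, code, now))
```

Because the caller never names a token, every assigned token widens the set of codes that would be accepted at a given moment, which is one reason to remove tokens a user no longer carries.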