Hi, currently our cisco vpn connections to our pix are authenticated by our TACACS server. I am trying to implement RSA secure ID by using the ACS as an agent. This part works fine, when I did a test authencation with rsa it asked to me create a pin. I am now able to authenticate via vpn with my ACS username and pin/token in the password box. However I dont know how to roll this out to users as I was expecting the cisco vpn client to ask any new users to create a pin, or to have a pin box ? Any ideas will be very appreciated.