The following information is at the link below:
Sign On when using RSA SecurID
Important! For CA Advanced Authentication Mainframe signons to be successful, the application that is performing the signon validation must support password phrases or support areas for entering an old password and new password. Follow these steps: Perform the following verifications before signing on: Ensure that the IBM RACF userid is defined to the RSA server and a SecurID token has been assigned. Ensure that the user is defined with the correct MFA userid segment. Sign on by entering the RSA passcode in the password phrase area or by using the password and new password fields: Password Phrase Method If the application supports password phrases, the RSA passcode can be entered in the password phrase area of the application logon screen. Password + New Password Method The password and new password fields can be used to enter the RSA passcode. For IBM RACF, the software token is entered in the password field, and the PIN (if any) is entered in the new password field. Note: Many applications require you to enter the new password twice for verification. The application does not know whether the new password is really just a new password or part of an RSA passcode. So, you might need to enter the new password portion of the RSA passcode twice.