- 03 Jan 2025
Authenticator record locations
When looking for an available authenticator record to assign to a user, OneSpan Authentication Server Appliance will first look in the same organizational unit as the specific user account if the user account belongs to an organizational unit. The Search Upwards in Organizational Unit hierarchy option allows OneSpan Authentication Server Appliance to search in parent organizational units and the authenticator pool container. This option can be set in the policy for system searches—i.e. auto-assignment and self-assignment (see auto-assignment (Overview) and self-assignment (Overview))—or at the time of the search for manual assignment.
OneSpan Authentication Server Appliance will always find or assign the closest available authenticator record to the selected user record(s).
If an authenticator is assigned to a user account that does not belong to an organizational unit, OneSpan Authentication Server Appliance will look for an available authenticator record that does not belong to an organizational unit either, i.e. for an available record stored directly in the domain.
Typical authenticator location models
Domain root
Authenticator records may be stored in the domain root while unassigned.
This option allows a centralized point of access for assignment of authenticator records. It requires less calculation and high-level administration, because the authenticator records are all stored in one area and there is no need to manually move records or calculate the exact number of authenticators required for each organizational unit or group of units. Administrators must belong to the domain only (not an organizational unit) to assign authenticators from the domain root.
In the example illustrated in Figure: Authenticator record location – Domain root, OneSpan Authentication Server Appliance searches upwards through the organizational unit structure for available authenticator records to assign to a user account in the organizational unit B1. Because no available authenticator records are found in B1, it searches in B, then in the domain root.
The administrator account that is used to manually assign the authenticator records must be located in the domain root (no organizational unit) for this model to work successfully.
The Search Upwards in Organizational Unit hierarchy option must be enabled for this model to function correctly.
This scenario is simplified if no organizational unit structure is used in the database. User accounts and authenticator records may all be stored in the domain root. In that case, the Search Upwards in Organizational Unit hierarchy option is not required.
Parent organizational units
Unassigned authenticator records can be kept in key organizational units, and made available to their lower-level organizational units.
In the example illustrated in Figure: Authenticator record location – Parent organizational unit, OneSpan Authentication Server Appliance can search in the parent organizational unit for available authenticator records.
The administrator account that is used to manually assign the authenticator records must belong to the parent organizational unit.
The Search Upwards in Organizational Unit hierarchy option must be enabled for this model to function correctly.
Individual organizational units
Authenticator records can be loaded or moved into each organizational unit where and when they are required. If all authenticators in the organizational unit are assigned, more authenticator records must be moved to it manually by a domain administrator before they can be assigned.
In the example illustrated in Figure: Authenticator record location – Individual organizational units, unassigned authenticator records are stored in the same organizational units in which they will be assigned.
Administrator accounts belonging to the organizational units A1 and A2 have administration privileges in their own organizational unit only.
The Search Upwards in Organizational Unit hierarchy option is not required for this model.
Combination of models
Authenticator records can be stored in the domain root as well as some or all organizational units. If no available authenticator records are found in the organizational unit, and the Search Upwards in Organizational Unit hierarchy option is enabled, then OneSpan Authentication Server Appliance will search upwards to the domain root and search in the authenticator pool for an available, unassigned authenticator record.
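The lookup order described on this page can be modelled in a few lines of Python. This is an added illustration, not OneSpan code: the `Directory` structure, the function names, and the serial numbers are constructed, the organizational unit names follow the examples above, and the domain root is assumed to stand in for the authenticator pool.

```python
from dataclasses import dataclass

DOMAIN_ROOT = "<domain root>"  # location of users/records that belong to no organizational unit

@dataclass
class Directory:
    parent: dict  # OU name -> parent OU name, or DOMAIN_ROOT for a top-level OU
    pool: dict    # location -> list of unassigned authenticator serial numbers

def search_path(directory, user_ou, search_upwards):
    """Return the locations examined for a user, closest first."""
    if user_ou == DOMAIN_ROOT:
        # A user outside any OU only gets records stored directly in the domain.
        return [DOMAIN_ROOT]
    path = [user_ou]
    if search_upwards:
        ou = user_ou
        while ou != DOMAIN_ROOT:
            ou = directory.parent[ou]
            path.append(ou)
    return path

def assign_closest(directory, user_ou, search_upwards):
    """Take the closest available record; return (location, serial) or None."""
    for location in search_path(directory, user_ou, search_upwards):
        available = directory.pool.get(location, [])
        if available:
            return location, available.pop(0)
    return None  # nothing in scope: records must be moved or the option enabled

def sample_directory():
    # Constructed sample: A1 holds its own record, B and B1 hold none,
    # and the domain root holds two unassigned records.
    return Directory(
        parent={"A": DOMAIN_ROOT, "A1": "A", "B": DOMAIN_ROOT, "B1": "B"},
        pool={DOMAIN_ROOT: ["DR-0001", "DR-0002"], "A1": ["A1-0001"], "B": []},
    )

if __name__ == "__main__":
    d = sample_directory()
    print(assign_closest(d, "B1", False))  # option disabled: B1 is empty
    print(assign_closest(d, "B1", True))   # domain root model: B1 -> B -> root
    print(assign_closest(d, "A1", False))  # individual OU model
    print(assign_closest(d, "A1", True))   # combination: A1 exhausted, falls back to root
```

With the option disabled, an organizational unit whose records are exhausted yields no result until a domain administrator moves more records into it, which is the trade-off of the individual organizational units model.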