Bulk authenticator maintenance

In many environments, unnecessary authenticator data can accumulate over time. For instance, when using multi-device licensing (MDL) authenticators a significant number of unused authenticator instances can remain in the database and reduce system performance and security. Such unused authenticator instances can occur due to various reasons:

• An authenticator instance exists, but the activation was never finished, hence the authenticator instance has no DIGIPASS Push Notification Identifier (PNID) or authenticator BLOB data assigned.
• An authenticator instance exists and has a PNID assigned, but was never used as newer authenticator instances exist.
• An authenticator instance exists and has a PNID assigned and a last used date set, but a newer authenticator instance with the same PNID exists and is used.
• The MDL authenticator was not used for a long time.

The Administration Web Interface provides the Bulk Cleanup DIGIPASS maintenance command to help you to clean up and purge unused authenticator data based on various criteria. It supports the following cleanup strategies:

• Instances with reused PNID. Deletes all authenticators instances that have a reused DIGIPASS Push Notification Identifier (PNID) assigned. The PNID is considered reused if another authenticator instance for the same authenticator license exists, which uses the same PNID but has a higher sequence number.
• Digipass not used for a specified period. Deletes all authenticators and authenticator instances that were not used at least once for a specified number of days (retention period). The usage is determined by the date and time the authenticator was used the last time for a successful authentication. It is only set and updated if the authenticator is assigned and used by the respective user.

Note that authenticator licenses are not processed or deleted by this command.