Creating a User Account

Creating a user account is possible only if you have the required administrative privileges. You can only create user accounts within your administrative scope.

Before you begin

• Ensure that you have administrative access to the OneSpan Authentication Server Administration Web Interface.
• Ensure that you have the Create User privilege assigned.
• If you want to override the default authentication policy settings for the user account created, ensure that you have the Set Authentication Policy Overrides privilege assigned.

Creating a user account

To create a user account

1. Log on to the Administration Web Interface.
2. Select USERS > Create.
3. Specify the user ID.
4. Select the domain from the list.
5. (OPTIONAL) Select the organizational unit for the user ID from the list.
6. (OPTIONAL) Type and confirm a static password for the user.

7. (OPTIONAL) Select a local authentication policy setting from the list.

   This is only possible if you have the Set Authentication Policy Overrides privilege assigned.

   This will override the respective policy setting specified in the effective policy for the user account created only.

8. (OPTIONAL) Select a back-end authentication policy setting from the list.

   This is only possible if you have the Set Authentication Policy Overrides privilege assigned.

   This will override the respective policy setting specified in the effective policy for the user account created only.

9. Select Disabled if you want the user account to be created in the Disabled state.
10. Select Locked if you want the user account to be created in the Locked state.
11. Specify the expiration date if you want to limit the validity period of the user account.

12. If required, specify a checker administrator.

    This is only required if maker–checker authorization is enabled. In that case, type the checker administrator in the Checker box, using the user@domain format.

    Select the Execute the operation automatically after approval checkbox if you want the operation to be executed automatically upon approval by the checker administrator.

13. Click SUBMIT.

    If maker–checker authorization is enabled, a pending operation is created for this action. Otherwise, the user account is created.

Additional considerations

• If you create a user account and specify a static password, the password is verified against the password complexity rules of the effective policy of the administration component currently used by Web Administration Service. If the password does not comply with the password complexity rules, the user account will not be created.

  If maker–checker authorization is enabled, the password is verified twice: once when the pending operation is created and once when the approved pending operation is completed. If the password complexity rules are modified in between, completing an approved pending operation may fail!

Additional tasks

• If maker–checker authorization is enabled, the command is not completed immediately, but must be authorized by another administrator, i.e. the checker administrator (see Approving a pending operation).
• After the pending operation has been approved by the checker administrator, you can complete it (see Executing an approved pending operation). If you selected the Execute the operation automatically after approval checkbox, the pending operation will be completed automatically on your behalf upon approval by the checker administrator.