| POLICYFLD_ACCEPTED_DOMAIN | String | A comma-separated list of domains for which user authentication and signature validation requests are accepted. |
| POLICYFLD_ACT_MSG_VALIDITY | Integer | The number of days before the first activation message expires. Applies if Secure Channel is supported. |
| POLICYFLD_ACTIVATION_COMPLETED_NOTIFICATION | Integer | Determines whether a notification should be sent to the user when a delayed authenticator activation completes (delayed activation). |
| POLICYFLD_ACTIVATION_DELAYED_NOTIFICATION | Integer | Determines whether a notification should be sent to the user when an authenticator activation is delayed (delayed activation). |
| POLICYFLD_ACTIVATION_NOTIFICATION_DELIVERY_METHOD | String | Specifies the default delivery method to send notifications for delayed activation. Possible values: |
| POLICYFLD_APPL_NAMES | String | A comma-separated list of authenticator applications that may be used. Up to 255 characters. |
| POLICYFLD_APPL_TYPE | String | A comma-separated list of authenticator application types that may be used. Possible values: - Default
- No restriction
- Response Only
- Challenge/Response
- Signature
- Multi-Mode
|
| POLICYFLD_ASSIGN_MODE | String | Specifies the method of automated authenticator assignment that will be used for this policy, if any. Possible values: - Default. Use the setting of the parent policy.
- Auto-Assignment. Use the auto-assignment method. Do not reset the server PIN.
- Self-Assignment. Use the self-assignment method. Do not reset the server PIN.
- Auto-Assignment-Pin-Reset. Use the auto-assignment method and reset the server PIN during assignment.
- Self-Assignment-Pin-Reset. Use the self-assignment method and reset the server PIN during assignment.
- Neither. Do not use either method of automated assignment.
|
| POLICYFLD_ASSIGN_SEARCH_UP_OU_PATH | String | Controls the search scope for an available authenticator for auto-assignment or provisioning registration, or for a specific authenticator for self-assignment. Search the current organizational unit and up the tree as high as possible. Possible values: |
| POLICYFLD_AUTHUSER_MAX_THREAD_SUSPEND | Integer | Specifies the time span in seconds during which authentication via a particular push notification message is possible, i.e. the time span between sending a push notification message to a mobile device and the response from the OneSpan Mobile Authenticator app. When the timeout period has elapsed, authentication using the push notification message will fail. Possible values: 0–300 |
| POLICYFLD_AUTOLEARN | String | Specifies whether password autolearn is enabled for the policy. Possible values: |
| POLICYFLD_AVOID_INITIAL_SYNC | String | When an authenticator is used for the first time, OneSpan Authentication Server calculates the initial deviation between the authenticator time and the server time, based on the initial synchronization time window (specified by POLICYFLD_SYNCWINDOW). POLICYFLD_AVOID_INITIAL_SYNC allows you to avoid this time shift initialization on the server side. Possible values: - Default. Use the setting of the parent policy.
- No. The initial time synchronization is never omitted. OneSpan Authentication Server handles the time shift for all authenticator types.
- Software DIGIPASS only. This avoids the initialization for time-based software authenticators on the server side. This can be useful, because the time shift is usually handled by the mobile app, so it can be omitted on the server side. For hardware authenticators the time shift is still handled on the server side.
Default value: Software DIGIPASS only |
| POLICYFLD_BACKEND_AUTH | String | Specifies whether authentication requests using the policy will be handled by OneSpan Authentication Server using back-end authentication. Possible values: - Default
- None
- If Needed
- Always
|
| POLICYFLD_BACKEND_PROTOCOL_ID | String | Specifies the protocol to be used for back-end authentication. Up to 32 characters. Supported values: - Windows
- RADIUS
- e-Directory
- Active Directory
- Tivoli
|
| POLICYFLD_BACKUP_VDP_ENABLED | String | Possible values: - Default
- No
- Yes – Permitted
- Yes – Required
|
| POLICYFLD_BACKUP_VDP_MAX_DAYS | String | Possible values: 0–30 |
| POLICYFLD_BACKUP_VDP_MAX_USES | Integer | Possible values: 0–99999 |
| POLICYFLD_BACKUP_VDP_REQUEST_KEYWORD | String | The keyword to use when a user wants to request a backup Virtual Mobile Authenticator login. The request is made in the password field during login. The request will be ignored if the user does not have an authenticator assigned that is activated for the backup Virtual Mobile Authenticator feature, or if other policy or authenticator settings do not permit to use backup Virtual Mobile Authenticator. Up to 16 characters. |
| POLICYFLD_BACKUP_VDP_REQUEST_METHOD | String | The method if and how a user can request a backup Virtual Mobile Authenticator login when this policy is effective. The backup Virtual Mobile Authenticator feature is only supported if it is activated in the DPX file the authenticator was originally imported from. Possible values: - None
- Default
- Keyword
- Password
- KeywordPassword
- PasswordKeyword
|
| POLICYFLD_CHALLENGE_REQUEST_KEYWORD | String | The keyword to use when a user wants to request a 2-step Challenge/Response login. Used where POLICYFLD_CHALLENGE_REQUEST_METHOD is set to Keyword, KeywordPassword, or PasswordKeyword. Up to 16 characters. Can be blank. |
| POLICYFLD_CHALLENGE_REQUEST_METHOD | String | The method if and how a user can request a 2-step Challenge/Response login when this policy is effective. This is the only Challenge/Response mode available in a RADIUS environment. The request is made in the password field during login. The request will fail if the user does not have a Challenge/Response-capable authenticator assigned. The application types CR, SG, and MM support Challenge/Response login. Possible values: - None
- Default
- Keyword
- Password
- KeywordPassword
- PasswordKeyword
|
| POLICYFLD_CHECKCHALLENGE | Integer | This setting is used for advanced control over time-based Challenge/Response authentication. Possible values: - 0. No check is made. Required for 1-step Challenge/Response.
- 1. The challenge presented for verification must be the last one that was generated specifically for that authenticator. The regular operation mode for 2-step Challenge/Response. Should be used for standard RADIUS Challenge/Response authentication.
- 2. The challenge presented for verification is ignored. The last one generated specifically for that authenticator is used.
- 3. Only one verification is permitted per time step. This option only applies to time-based Challenge/Response.
- 4. If the same challenge and response are presented for verification twice in a row during the same time step, they are rejected.
Default value: 1 |
| POLICYFLD_CHG_WIN_PWD_ENABLED | String | |
| POLICYFLD_CHG_WIN_PWD_LENGTH | Integer | |
| POLICYFLD_CHKINACTDAYS | Integer | |
| POLICYFLD_CLIENT_GROUP_LIST | String | |
| POLICYFLD_CLIENT_GROUP_MODE | String | |
| POLICYFLD_CREATE_TIME | DateTime | The date and time the data record was created.
Always part of the policy command output (except for POLICYCMD_DELETE). |
| POLICYFLD_CUSTOM_REQUEST_BODY | String | If true, transaction fields in the signing request can be defined using SIGNFLD_REQUEST_BODY instead of a data field list. Applies if Secure Channel signature is supported. Possible values: |
| POLICYFLD_DCR | String | Deprecated. Do not use. |
| POLICYFLD_DEFAULT_DOMAIN | String | Specifies the default domain where OneSpan Authentication Server should look for and create user accounts if no domain is specified by the user credentials. Up to 255 characters. |
| POLICYFLD_DELAYED_ACTIVATION_PERIOD | Unsigned integer | The delayed activation period (in hours), i.e. the time span after the activation until an activated (software) authenticator can effectively be used for authentication and signature operations. Possible values: 0–4,294,967,295 (UInt32.MaxValue) |
| POLICYFLD_DESCRIPTION | String | Policy description. |
| POLICYFLD_DIGIPASS_TYPES | String | A comma-separated list of authenticator models that can be used. The Type field in your authenticator records will display the model number of each authenticator type loaded. Example values: - DPEMV
- DIGIPASS 300
- DIGIPASS GO 7
Up to 255 characters. |
| POLICYFLD_DP_EXPIRATION_PERIOD | Integer | The number of days until an authenticator expires by default. |
| POLICYFLD_DP_TYPE_LIMIT | String | List of comma-separated key-value pairs that define the maximum number of assigned authenticators allowed per user for a specific authenticator type. The key and value are separated by a semicolon, each key/value pair is separated by a comma. If you set the limit for a specific authenticator type to 0, no instances for that authenticator type can be assigned. If this attribute is set to NULL, no additional limits per authenticator type are set, except for the default ones, e.g. specified by POLICYFLD_DIGIPASS_TYPES. Up to 1024 characters. Example value: DP300;5,DP270;8, Default value: NULL Availability: 3.22 and later |
| POLICYFLD_DUR | String | Specifies whether Dynamic User Registration (DUR) is enabled in the policy. Possible values: |
| POLICYFLD_EVENTWINDOW | Integer | Controls the maximum number of events' variation allowed between an authenticator and OneSpan Authentication Server during logon. This only applies to event-based authenticator applications. It always applies when verifying a one-time password (OTP), but for signature validation, it depends on the online signature level setting whether the event window is used or not. Default value: 20 |
| POLICYFLD_GRACE_PERIOD | Integer | This is the default period (in days) between the auto-assignment of an authenticator and the date users are required to start using their authenticator to log in (if applicable). |
| POLICYFLD_GROUP_CHECK_MODE | String | Specifies whether and how Windows Group Check is to be used. Possible values: - Default
- No Check
- Pass Back
- Reject
- Back-End
|
| POLICYFLD_GROUP_LIST | String | A comma-separated list of the Windows group names to be checked according to the specified value for the policy attribute POLICYFLD_GROUP_CHECK_MODE. There are some important limitations of this check: - Certain built-in Active Directory groups such as Domain Users and Everyone will not be checked. The check is intended to be used with a new group created specifically for this purpose.
- Nested group membership will not be detected by the check.
- There is no domain qualifier for a group. The named group must be created in each domain where user accounts exist that need to be added to the group.
A local machine group can also be used. Up to 4000 characters. |
| POLICYFLD_ITHRESHOLD | Integer | Specifies the number of consecutive failed authentication attempts allowed before the authenticator application is locked for future authentication attempts. Once the authenticator application is locked, the DIGIPASSAPPLCMD_UNLOCK command is required to unlock it. |
| POLICYFLD_ITIMEWINDOW | Integer | Controls the maximum number of time steps' variation allowed between an authenticator and OneSpan Authentication Server during logon. This only applies to time-based authenticator applications when verifying a one-time password (OTP). Default value: 20 |
| POLICYFLD_LOCAL_AUTH | String | Specifies whether authentication requests using the policy will be handled by OneSpan Authentication Server using local authentication. Possible values: - Default. Use the setting of the parent policy.
- None. No local authentication is performed.
- Digipass Only. The users can only authenticate using their authenticators.
- DIGIPASS/Password. As long as the grace period for the authenticator has not expired, users can use either their authenticators or their static passwords to log in. After the grace period has expired, only authentications with authenticator can be performed.
- DIGIPASS or Password: Users can use both their authenticator or their static password to authenticate, independent of the grace period. In the context of the authentication scenario, use of this authentication mode is subject to licensing. For provisioning, this authentication mode is license-free.
|
| POLICYFLD_LOCK_DURATION_MULTIPLIER | Integer | The multiplier factor to increase the lock duration (initial value specified by POLICYFLD_MIN_LOCK_DURATION) after each unsuccessful authentication. The value is given in percent. For example, a value of 200 effectively doubles the lock duration after each unsuccessful authentication. Applies only if user auto-unlock is enabled, effectively by setting POLICYFLD_MAX_UNLOCK_TRIES. Possible values: 100–500 |
| POLICYFLD_MAX_UNLOCK_TRIES | Integer | The maximum number of attempts to unlock a locked user account during authentication (user auto-unlock) before it is permanently locked. A locked user account with no unlock attempts left can only be unlocked manually by an administrator. Setting this value to 0 effectively disables user auto-unlock. Possible values: 0–999 |
| POLICYFLD_MIN_APP_VERSION | Integer | The authenticator application version number required to parse the request message. Applies if Secure Channel signature and authentication are supported. Possible values: 0–3 |
| POLICYFLD_MIN_LOCK_DURATION | Integer | The time span a locked user account remains locked before a user can try to authenticate again and unlock it using user auto-unlock. The value is given in minutes. Applies only if user auto-unlock is enabled, effectively by setting POLICYFLD_MAX_UNLOCK_TRIES. Possible values: 0–99999 |
| POLICYFLD_MOBILE_APP_NAME | String | The name of the mobile application that push notification messages are sent to. |
| POLICYFLD_MODIFY_TIME | DateTime | The date and time the data record was last modified.
Always part of the policy command output (except for POLICYCMD_DELETE). |
| POLICYFLD_MULTI_DP_APPL_VALIDATION_MODE | String | Determines whether OneSpan Authentication Server should authenticate a user if multiple authenticator applications are assigned. Possible values: - Default
- Multiple DIGIPASS Applications Allowed
- Single DIGIPASS Applications Allowed
|
| POLICYFLD_NESTED_GROUPS_ENABLED | String | Determines whether the Nested Groups feature is to be used for Windows Group Check during user authentication. Possible values: - Default. Use the setting of the parent policy.
- No. Nested group are not used.
- Yes. Nested groups are used.
|
| POLICYFLD_OFFLINE_AUTH_ENABLED | String | |
| POLICYFLD_OFFLINE_MAX_EVENTS | Integer | |
| POLICYFLD_OFFLINE_TIME_INTERVAL | Integer | |
| POLICYFLD_ONE_STEP_CHAL_CHECKDIGIT | String | A check digit may be added to the generated challenge. This allows the authenticator to identify invalid challenges more quickly. Possible values: |
| POLICYFLD_ONE_STEP_CHAL_LENGTH | Integer | Specifies the length of the challenge (excluding a check digit set in POLICYFLD_ONE_STEP_CHAL_CHECKDIGIT) which should be generated for 1-step Challenge/Response logins. Possible values: 0–16 |
| POLICYFLD_ONE_STEP_CHAL_RESP | String | Controls whether 1-step Challenge/Response logins will be enabled for the current policy and, if so, where the challenge should originate from. POLICYFLD_CHECKCHALLENGE must be included and set to 0. Not available in a RADIUS environment. Possible values: - Default
- No
- Yes - Server Challenge
- Yes - Any Challenge
|
| POLICYFLD_ONLINESG | Integer | This setting is used for advanced control of signature validation. Possible values: - 0. The signature is validated in offline mode. This is useful when the signatures may not be validated in the same sequence as they are generated by the user. It is also useful when there may be some delay after the signature is generated by the user, before the signature is validated. This value can be used for authenticator applications that are neither time- nor event-based.
- 1. The signature is validated in online mode. This is useful when the signatures are expected or required to be validated immediately after they are generated.
- 2. The signature is validated in strict online mode. This is useful for time-based signatures when you want to prevent more than one signature from the same time step from being validated. Otherwise, this mode is the same as online mode.
- 3. The signature is validated using the deferred event count. This mode only applies to event-based signatures. For each signature validation request, the deferred event count must be supplied as a parameter.
Default value: 0 |
| POLICYFLD_PARENT_POLICY_ID | String | Specifies the parent policy. Settings set to Default or left blank will use settings from the parent policy. Cannot be the same as POLICYFLD_POLICY_ID, i.e. a policy cannot inherit from itself. Up to 60 characters. |
| POLICYFLD_PIN_CHANGE_ALLOWED | String | Possible values: |
| POLICYFLD_POLICY_ID | String | Unique policy identifier. The following characters are not allowed: /\:;,|'"<>[]&@=+*?#. Up to 60 characters. |
| POLICYFLD_PRIMARY_VDP_REQUEST_KEYWORD | String | The keyword to use when a user wants to request a primary Virtual Mobile Authenticator login. Up to 16 characters. Can be blank. |
| POLICYFLD_PRIMARY_VDP_REQUEST_METHOD | String | The method if and how a user can request a primary Virtual Mobile Authenticator login when this policy is effective. The request is made in the password field during login. The request will be ignored if the user does not have an authenticator assigned that allows primary Virtual Mobile Authenticator login. Possible values: - None
- Default
- Keyword
- Password
- KeywordPassword
- PasswordKeyword
|
| POLICYFLD_PRIVILEGED_USERS | String | Determines whether users who have administrative privileges assigned are allowed to authenticate. Possible values: - Default
- Accept
- Reject
- Require
|
| POLICYFLD_PUSH_NOTIFICATION_MESSAGE_SUBJECT | String | The text that will be used as the subject of push notifications sent for authentication and signature operations. Up to 255 characters. Availability: 3.17 and later |
| POLICYFLD_PUSH_NOTIFICATION_MESSAGE_TITLE | String | The text that will be used as the title of push notifications sent for authentication and signature operations. Up to 255 characters. Availability: 3.17 and later |
| POLICYFLD_PUSH_NOTIFICATION_REQUEST_KEYWORD | String | The keyword to use when a user wants to request a push notification for authentication. Used where POLICYFLD_PUSH_NOTIFICATION_REQUEST_METHOD is set to KeywordOnly, KeywordPassword, or PasswordKeyword. Up to 16 characters. May be blank. |
| POLICYFLD_PUSH_NOTIFICATION_REQUEST_METHOD | String | The method if and how a user can request a push notification for authentication when this policy is effective. Possible values: - None
- Default
- Password
- KeywordOnly
- KeywordPassword
- PasswordKeyword
|
| POLICYFLD_RADIUS_ALLOWED_PROTOCOLS | String | A comma-separated list of RADIUS protocols that may be used for authentication requests. Only attributes belonging to the listed groups will be returned via this policy. |
| POLICYFLD_RADIUS_REP_ATTR_ENABLED | String | Determines whether OneSpan Authentication Server should return RADIUS attributes from a user account when it returns an Access-Accept packet. Possible values: |
| POLICYFLD_RADIUS_REP_ATTR_GROUP_LIST | String | A comma-separated list of attribute groups. |
| POLICYFLD_RADIUS_SESSION_GROUP_LIST | String | List of Windows group names that is to be checked according to the specified value for the policy attribute. Comma-separated list of group names, up to 1024 characters. |
| POLICYFLD_RADIUS_SESSION_LIFETIME | 32-bit unsigned integer | The lifetime of the RADIUS session in seconds. |
| POLICYFLD_RADIUS_SESSION_TICKET_LIFETIME | 32-bit unsigned integer | |
| POLICYFLD_RADIUS_SESSION_TICKET_REUSE | 32-bit unsigned integer | |
| POLICYFLD_SECOND_OTP_SYNC_ENABLED | String | |
| POLICYFLD_SECURE_CHAL_FONT_INDEX | Integer | OneSpan Authentication Server supports various character encodings that are used to display formatted text of Secure Channel messages on a device. If an authenticator implements multiple font tables, you can set the font table index to specify the font table (character encoding) to use. Applies if Secure Channel is supported. Possible values: - 0. ISO-8859-15.
- 1. Katakana.
- 2. Central and Eastern Europe.
- 3. Greek.
|
| POLICYFLD_SECURE_CHAL_REQ_PIN | String | If true, the authenticator must verify the PIN before generating the response. Applies if Secure Channel authentication is supported. Possible values: |
| POLICYFLD_SECURE_CHAL_TEMPLATE_NO | Integer | Selects the template in the authenticator which specifies the layout of a page with transaction data. Applies if Secure Channel authentication is supported. Possible values: 0–15 |
| POLICYFLD_SECURE_CHANNEL | String | Determines whether authenticator applications that support Secure Channel may be used. Possible values: - Default
- No
- Yes - Permitted
- Yes - Required
|
| POLICYFLD_SECURE_SIGN_FONT_INDEX | Integer | OneSpan Authentication Server supports various character encodings that are used to display formatted text of Secure Channel messages on a device. If an authenticator implements multiple font tables, you can set the font table index to specify the font table (character encoding) to use. Applies if Secure Channel is supported. Possible values: - 0. ISO-8859-15.
- 1. Katakana.
- 2. Central and Eastern Europe.
- 3. Greek.
|
| POLICYFLD_SECURE_SIGN_REQ_PIN | String | If true, the authenticator must verify the PIN before generating the response. Applies if Secure Channel signature is supported. Possible values: |
| POLICYFLD_SECURE_SIGN_SHOW_RESPONSE | String | If true, the response will be displayed on the authenticator. Applies if Secure Channel signature is supported. Possible values: |
| POLICYFLD_SECURE_SIGN_SHOW_WARNING | String | If true, a pre-loaded warning will be shown on the authenticator. Applies if Secure Channel signature is supported. Possible values: |
| POLICYFLD_SECURE_SIGN_TEMPLATE_NO | Integer | Selects the template in the authenticator which specifies the layout of a page with transaction data. Applies if Secure Channel signature is supported. Possible values: 0–15 |
| POLICYFLD_SELF_ASSIGN_MAX_TOKENS | | |
| POLICYFLD_SELF_ASSIGN_SEPARATOR | String | The character (or short sequence of characters) that will be included at the end of the authenticator serial number during a self-assignment login. Up to 8 characters. |
| POLICYFLD_STATIC_PWD_DIFF_TO_PREV | Integer | The number of unique new static passwords that must be used with a user account before a previous static password can be reused. |
| POLICYFLD_STATIC_PWD_EXPIRATION_NOTIFICATION | Unsigned integer | The period (in days) before a static password expires and the end user must be notified to update the static password. Applies to the local authentication mode DIGIPASS or Password only. Default value: 8 Possible values: 0–9999 If the value for this field is set to 0, this effectively means that the Notify-before-Expiration feature of the static password is not used. |
| POLICYFLD_STATIC_PWD_MAX_AGE | Unsigned integer | The maximum number of days during which a static password is valid. After this time, the password expires. Applies to the local authentication mode DIGIPASS or Password only. If the value for this field is set to 0, this effectively means that the Maximum-Age feature of the static password is not used. Default value: 42 Possible values: 0–9999 |
| POLICYFLD_STATIC_PWD_MIN_AGE | Unsigned integer | The minimum number of days a static password must be used before it can be changed again. Applies to the local authentication mode DIGIPASS or Password only. Default value: 1 |
| POLICYFLD_STATIC_PWD_MIN_LENGTH | Integer | The minimum number of characters for a static password. |
| POLICYFLD_STATIC_PWD_MIN_LOWER_ALPHA | Integer | The minimum number of lowercase alphabetic characters in a static password. |
| POLICYFLD_STATIC_PWD_MIN_NUMBER | Integer | The minimum number of numeric characters in a static password. |
| POLICYFLD_STATIC_PWD_MIN_SYMBOL | Integer | The minimum number of symbolic characters in a static password. |
| POLICYFLD_STATIC_PWD_MIN_UPPER_ALPHA | Integer | The minimum number of uppercase alphabetic characters in a static password. |
| POLICYFLD_STATIC_PWD_NOT_USERID_BASED | String | Indicates whether the password is allowed to contain all or parts of the user ID. |
| POLICYFLD_STHRESHOLD | Integer | Specifies the number of consecutive failed signature validation attempts allowed before the authenticator is locked for future signature validation attempts. Once the authenticator application is locked, the DIGIPASSAPPLCMD_UNLOCK command is required to unlock it. |
| POLICYFLD_STIMEWINDOW | Integer | Controls the maximum number of time steps' variation allowed between an authenticator and OneSpan Authentication Server during digital signature verification. This only applies to time-based authenticator applications when validating a signature. Only used if POLICYFLD_ONLINESG is set to 1 or 2. Default value: 24 |
| POLICYFLD_STORED_PASSWORD_PROXY | String | Specifies whether the Stored Password Proxy feature is enabled for the policy. Possible values: |
| POLICYFLD_SYNCWINDOW | Integer | Controls the maximum time variation allowed between an authenticator and OneSpan Authentication Server, the first time that the authenticator is used. The time is specified in hours. This initial time window is also used directly after a DIGIPASSAPPLCMD_RESET_APPL operation, which can be used if it appears that the internal clock in the authenticator has drifted too much since the last successful logon. |
| POLICYFLD_USE_GENERIC_AUTH_STATUS_CODES | String | This setting specifies whether certain status codes and messages should be mapped to generic status information (STAT_INVCREDENTIALS) in server responses to prevent user account disclosure in authentication and provisioning scenarios. The real status code and message will still be visible in the audit and trace messages. Possible values: |
| POLICYFLD_USER_INACT_DAYS | Integer | The maximum number of days within which a user must log on again for the user account to remain valid. If a user does not log on within this period, the account will be locked due to inactivity. A locked account can be unlocked using the USERCMD_RESET_LAST_AUTH_TIME operation. |
| POLICYFLD_USER_INFO_SYNC | String | Determines whether to set user information when a user account is created using Dynamic User Registration (DUR) with an LDAP back-end server, by synchronizing the data from the LDAP back-end server to the respective user account data fields (DUR user information synchronization). Possible values: |
| POLICYFLD_USER_LOCK_THRESHOLD | Integer | This specifies the number of consecutive failed login attempts that will cause a user account to become locked. |
| POLICYFLD_VDP_CHALLENGE_MESSAGE | String | The challenge message displayed to the user when performing a Virtual Mobile Authenticator authentication. Up to 256 characters. |
| POLICYFLD_VDP_DELIVERY_METHOD | String | This field specifies how OTP values are sent via Message Delivery Component (MDC) Possible values: |
| POLICYFLD_VDP_MDC_PROFILE | String | The MDC profile to be used for the Virtual Mobile Authenticator message delivery with the selected delivery method. |
| POLICYFLD_VDP_SIGN_DELIVERY_METHOD | String | This field provides the user-specific override of the virtual signature message delivery method as defined in the policy, i.e. it defines how the virtual signature messages will be delivered to the end user. Possible values: - Default
- Email
- Email and Voice
- SMS
- SMS and Email
- SMS and Voice
- Voice
|
| POLICYFLD_VDP_SIGN_ENABLED | String | This field defines if virtual signature generation is allowed. Possible values: |
| POLICYFLD_VDP_SIGN_MDC_PROFILE | String | The MDC profile to be used for the virtual signature message delivery with the selected delivery method. |
