Pre-defined policies
  • 06 Jan 2025

Pre-loaded policies are created for OneSpan Authentication Server Appliance during installation and provide useful policy examples for typical environments.

The Base Policy provides globally applicable settings. In general, all other policies should inherit from it, either directly or indirectly.

Table: Pre-loaded policies
Policy name: Base Policy
Parent policy: -
Description: Globally applicable settings. In general, all other Policies should inherit from this, directly or indirectly.
Settings different from parent policy:
  • User Lock Threshold = 3
  • PIN Change Allowed = Yes
  • Challenge Request Method = Keyword
  • Primary VDP Request Method = Password
  • Backup VDP Request Method = Keyword
  • Password Backup VDP Request Keyword = otp
  • Identification Time Window = 20
  • Check Challenge Mode = 1
  • Event Window = 20
  • Sync Window = 6
  • Online Signature Level = 0
  • Identification Threshold = 0
  • Local Authentication = None
  • Back-End Authentication = None
  • DUR = No
  • Password Autolearn = No
  • Stored Password Proxy = No
  • Group Check Mode = No
  • Check Assignment Mode = Neither
  • Search Up OU Path = No
  • Application Types = No Restriction
  • 1-Step Challenge/Response = No
  • 1-Step Challenge Check Digit = No
  • Backup VDP Enabled = No

Policy name: IDENTIKEY Administration Logon
Parent policy: Base Policy
Description: Settings for an administration logon including Audit Viewer live connection. Separated from the main authentication policies to avoid accidental interference. Locking is off to reduce the chance of a lock-out.
Settings different from parent policy:
  • Local Authentication = DIGIPASS/Password during Grace Period
  • User Lock Threshold = 0

Policy name: IDENTIKEY Local Authentication
Parent policy: Base Policy
Description: Settings applicable to all OneSpan Authentication Server Appliance authentication Policies, including local authentication. In general, all other OneSpan Authentication Server Appliance Policies using local authentication should inherit from this, directly or indirectly.
Settings different from parent policy:
  • Local Authentication = DIGIPASS/Password during Grace Period

Policy name: IDENTIKEY Windows Password Replacement
Parent policy: IDENTIKEY Local Authentication
Description: OneSpan Authentication Server Appliance model for password replacement and Dynamic User Registration (DUR), using Windows back-end authentication.
Settings different from parent policy:
  • Back-End Authentication = Always
  • Back-End Protocol = Windows
  • DUR = Yes
  • Assignment Mode = Neither
  • Password Autolearn = Yes
  • Stored Password Proxy = Yes

Policy name: IDENTIKEY Microsoft AD Password Replacement
Parent policy: IDENTIKEY Local Authentication
Description: OneSpan Authentication Server Appliance model for password replacement with Microsoft Active Directory (LDAP connection).
Settings different from parent policy:
  • Local Auth = Default
  • Backend Auth = Always
  • Backend Protocol = Microsoft AD
  • DUR = Yes
  • Password Autolearn = Yes
  • Stored Password Proxy = Yes

Policy name: IDENTIKEY Novell eDirectory Password Replacement
Parent policy: IDENTIKEY Local Authentication
Description: OneSpan Authentication Server Appliance model for password replacement with NetIQ eDirectory (formerly Novell eDirectory) (LDAP connection).
Settings different from parent policy:
  • Local Auth = Default
  • Backend Auth = Always
  • Backend Protocol = Novell eDirectory
  • DUR = Yes
  • Password Autolearn = Yes
  • Stored Password Proxy = Yes

Policy name: IDENTIKEY Windows Auto-Assignment
Parent policy: IDENTIKEY Windows Password Replacement
Description: OneSpan Authentication Server Appliance model for Auto-Assignment based on the Windows password replacement model.
Settings different from parent policy:
  • Assignment Mode = Auto-Assignment
  • Search Up OU Path = Yes
  • Grace Period = 7

Policy name: IDENTIKEY Microsoft AD Auto Assignment
Parent policy: IDENTIKEY Local Authentication
Description: OneSpan Authentication Server Appliance model for Auto Assignment for Microsoft Active Directory
Settings different from parent policy:
  • Local Auth = Default
  • Backend Auth = If Needed
  • Backend Protocol = Microsoft AD
  • Assignment Mode = Auto-Assignment
  • Search-Up-OU-Path = Yes

Policy name: IDENTIKEY Windows Self-Assignment
Parent policy: IDENTIKEY Windows Password Replacement
Description: OneSpan Authentication Server Appliance model for self-assignment based on the Windows password replacement model.
Settings different from parent policy:
  • Assignment Mode = Self-Assignment
  • Search Up OU Path = Yes
  • Self Assignment Separator = |

Policy name: IDENTIKEY Microsoft AD Self Assignment
Parent policy:
Description: OneSpan Authentication Server Appliance model for self-assignment for AD Password Replacement
Settings different from parent policy:
  • Local Auth = Default
  • Backend Auth = Always
  • Backend Protocol = Microsoft AD
  • Assignment Mode = Self-Assignment
  • Search-Up-OU-Path = Yes

Policy name: IDENTIKEY Novell eDirectory Self-Assignment
Parent policy: IDENTIKEY Novell eDirectory Password Replacement
Description: OneSpan Authentication Server Appliance model for self-assignment for NetIQ eDirectory (formerly Novell eDirectory).
Settings different from parent policy:
  • Local Auth = Default
  • Backend Auth = Always
  • Backend Protocol = Novell eDirectory
  • Assignment Mode = Self-Assignment
  • Search-Up-OU-Path = Yes

Policy name: IDENTIKEY RADIUS Password Replacement
Parent policy: IDENTIKEY Local Authentication
Description: OneSpan Authentication Server Appliance model for password replacement using a RADIUS server for back-end authentication.
Settings different from parent policy:
  • Backend Authentication = Always
  • Backend Protocol = RADIUS
  • Password Autolearn = Yes
  • Stored Password Proxy = Yes

Policy name: IDENTIKEY RADIUS Auto-Assignment
Parent policy: IDENTIKEY Local Authentication
Description: OneSpan Authentication Server Appliance model for auto-assignment based on the RADIUS password replacement model.
Settings different from parent policy:
  • Grace Period = 7
  • Search Up OU Path = Yes
  • Assignment Mode = Self-Assignment

Policy name: IDENTIKEY RADIUS Self-Assignment
Parent policy: IDENTIKEY Local Authentication
Description: OneSpan Authentication Server Appliance model for self-assignment based on the RADIUS password replacement model.
Settings different from parent policy:
  • Search Up OU Path = Yes
  • Assignment Mode = Self-Assignment
  • Self Assignment Separator = |

Policy name: IDENTIKEY Back End Authentication
Parent policy: Base Policy
Description: OneSpan Authentication Server Appliance model for only back-end authentication. Change the back-end protocol to the one required.
Settings different from parent policy:
  • Backend Protocol = RADIUS
  • Backend Authentication = Always

Policy name: IDENTIKEY DP110 Provisioning 1
Parent policy: Base Policy
Description: IDENTIKEY DP110 provisioning model scenario 1 - Activation codes are encrypted with pre-loaded static passwords.
Settings different from parent policy:
  • Local Auth = DIGIPASS/Password during Grace Period
  • 1-Step Challenge/Response = Yes-Any challenge

Policy name: IDENTIKEY DP110 Provisioning 2
Parent policy: Base Policy
Description: IDENTIKEY DP110 Provisioning model scenario 2 - Dynamic Registration using back-end system. Change the back-end protocol to the one required.
Settings different from parent policy:
  • Local Auth = DIGIPASS/Password during Grace Period
  • Back-End Authentication = Always
  • 1-Step Challenge/Response = Yes – Any challenge

Policy name: IDENTIKEY DP4Mobile Provisioning 1
Parent policy: Base Policy
Description: Mobile Authenticator Studio provisioning model scenario 1
Settings different from parent policy:

Policy name: IDENTIKEY DP4Mobile Provisioning 2
Parent policy: Base Policy
Description: Mobile Authenticator Studio provisioning model scenario 2
Settings different from parent policy:
  • Local Authentication = DIGIPASS/Password during Grace Period
  • Backend authentication = NONE
  • DIGIPASS type: 'Mob30'

Policy name: IDENTIKEY DP4Mobile Provisioning 3
Parent policy: Base Policy
Description: Mobile Authenticator Studio provisioning model scenario 3
Settings different from parent policy:
  • Local Authentication = DIGIPASS/Password during Grace Period
  • Backend authentication = IF NEEDED
  • DIGIPASS type: 'Mob30'

Policy name: IDENTIKEY DP4Web Provisioning 1
Parent policy: Base Policy
Description: DIGIPASS for Web Provisioning model scenario 1 - Activation codes are encrypted with pre-loaded static passwords.
Settings different from parent policy:

Policy name: IDENTIKEY DP4Web Provisioning 2
Parent policy: Base Policy
Description: DIGIPASS for Web Provisioning model scenario 2 - pre-loaded user accounts and static passwords.
Settings different from parent policy:
  • Local Auth = DIGIPASS/Password during Grace Period

Policy name: IDENTIKEY DP4Web Provisioning 3
Parent policy: Base Policy
Description: DIGIPASS for Web Provisioning model scenario 3 - Dynamic Registration using back-end system. Change the back-end protocol to the one required.
Settings different from parent policy:
  • Local Auth = DIGIPASS/Password during Grace Period
  • DUR = Yes

Policy name: IDENTIKEY Deferred Time signature Verification
Parent policy: Base Policy
Description: Deferred time signature verification settings: Time based.
Settings different from parent policy:
  • Signature Time Window = 24

Policy name: IDENTIKEY Real-Time signature verification 1
Parent policy: Base Policy
Description: Real-time signature verification settings: Time-based, several signatures are allowed in the same timestep but 2 identical successive signatures will be rejected.
Settings different from parent policy:
  • Online signature level = 1 - Multiple Signatures allowed in same Time Step

Policy name: IDENTIKEY Real-Time signature verification 2
Parent policy: Base Policy
Description: Real-time signature verification settings: Time-based, one signature allowed per timestep.
Settings different from parent policy:
  • Online signature level = 2 - Only 1 Signature/Time Step allowed

Policy name: IDENTIKEY Real-Time signature verification 3
Parent policy: Base Policy
Description: Deferred time signature verification settings: Event based, off-line mode.
Settings different from parent policy:
  • Signature Time Window = 24

Policy name: Windows logon online authentication - Windows Back-End
Parent policy: IDENTIKEY Local Authentication
Description: Windows Logon with Windows back end
Settings different from parent policy:
  • Back-End Authentication = Always
  • Back-End Protocol = Windows
  • Enable Random Password = No
  • Client Group List =
  • Client Group Mode = No check
  • Offline Authentication = No

Policy name: Windows logon online authentication - LDAP AD Back-End
Parent policy: IDENTIKEY Local Authentication
Description: Windows Logon for LDAP AD back end
Settings different from parent policy:
  • Back-End Authentication = Always
  • Back-End Protocol = Microsoft AD
  • Enable Random Password = No
  • Client Group List =
  • Client Group Mode = No check
  • Offline Authentication = No

Policy name: Windows logon online and offline authentication – Windows Back-End
Parent policy: Windows logon online authentication - Windows Back-End
Description: Windows logon online and offline authentication for Windows back end
Settings different from parent policy:
  • Offline Authentication = Yes
  • Offline Time Window (days) = 21
  • Offline Event Window = 300

Policy name: Windows logon online and offline authentication – LDAP AD Back-End
Parent policy: Windows logon online authentication - LDAP AD Back-End
Description: Windows logon online and offline authentication settings for LDAP AD back end
Settings different from parent policy:
  • Offline Authentication = Yes
  • Offline Time Window (days) = 21
  • Offline Event Window = 300

