- 06 Jan 2025
Pre-defined policies
- Updated on 06 Jan 2025
Pre-loaded policies are created for OneSpan Authentication Server Appliance during installation and provide useful policy examples for typical environments.
The Base Policy provides globally applicable settings. In general, all other policies should inherit from it, either directly or indirectly.
Policy name | Parent policy | Description | Settings different from parent policy |
---|---|---|---|
Base Policy | - | Globally applicable settings. In general, all other Policies should inherit from this, directly or indirectly. | User Lock Threshold=3; PIN Change Allowed=Yes; Challenge Request Method=Keyword; Primary VDP Request Method=Password; Backup VDP Request Method=Keyword Password; Backup VDP Request Keyword=otp; Identification Time Window=20; Check Challenge Mode=1; Event Window=20; Sync Window=6; Online Signature Level=0; Identification Threshold=0; Local Authentication=None; Back-End Authentication=None; DUR=No; Password Autolearn=No; Stored Password Proxy=No; Group Check Mode=No Check; Assignment Mode=Neither; Search Up OU Path=No; Application Types=No Restriction; 1-Step Challenge/Response=No; 1-Step Challenge Check Digit=No; Backup VDP Enabled=No |
IDENTIKEY Administration Logon | Base Policy | Settings for an administration logon including Audit Viewer live connection. Separated from the main authentication policies to avoid accidental interference. Locking is off to reduce the chance of a lock-out. | Local Authentication=DIGIPASS/Password during Grace Period; User Lock Threshold=0 |
IDENTIKEY Local Authentication | Base Policy | Settings applicable to all OneSpan Authentication Server Appliance authentication Policies, including local authentication. In general, all other OneSpan Authentication Server Appliance Policies using local authentication should inherit from this, directly or indirectly. | Local Authentication=DIGIPASS/Password during Grace Period |
IDENTIKEY Windows Password Replacement | IDENTIKEY Local Authentication | OneSpan Authentication Server Appliance model for password replacement and Dynamic User Registration (DUR), using Windows back-end authentication. | Back-End Authentication=Always; Back-End Protocol=Windows; DUR=Yes; Assignment Mode=Neither; Password Autolearn=Yes; Stored Password Proxy=Yes |
IDENTIKEY Microsoft AD Password Replacement | IDENTIKEY Local Authentication | OneSpan Authentication Server Appliance model for password replacement with Microsoft Active Directory (LDAP connection). | Local Auth=Default; Backend Auth=Always; Backend Protocol=Microsoft AD; DUR=Yes; Password Autolearn=Yes; Stored Password Proxy=Yes |
IDENTIKEY Novell eDirectory Password Replacement | IDENTIKEY Local Authentication | OneSpan Authentication Server Appliance model for password replacement with NetIQ eDirectory (formerly Novell eDirectory) (LDAP connection). | Local Auth=Default; Backend Auth=Always; Backend Protocol=Novell eDirectory; DUR=Yes; Password Autolearn=Yes; Stored Password Proxy=Yes |
IDENTIKEY Windows Auto-Assignment | IDENTIKEY Windows Password Replacement | OneSpan Authentication Server Appliance model for Auto-Assignment based on the Windows password replacement model. | Assignment Mode=Auto-Assignment; Search Up OU Path=Yes; Grace Period=7 |
IDENTIKEY Microsoft AD Auto Assignment | IDENTIKEY Local Authentication | OneSpan Authentication Server Appliance model for Auto Assignment for Microsoft Active Directory | Local Auth=Default; Backend Auth=If Needed; Backend Protocol=Microsoft AD; Assignment Mode=Auto-Assignment; Search-Up-OU-Path=Yes |
IDENTIKEY Windows Self-Assignment | IDENTIKEY Windows Password Replacement | OneSpan Authentication Server Appliance model for self-assignment based on the Windows password replacement model. | Assignment Mode=Self-Assignment; Search Up OU Path=Yes; Self Assignment Separator=\| |
IDENTIKEY Microsoft AD Self Assignment | | OneSpan Authentication Server Appliance model for self-assignment for AD Password Replacement | Local Auth = Default; Backend Auth = Always; Backend Protocol = Microsoft AD; Assignment Mode = Self-Assignment; Search-Up-OU-Path = Yes |
IDENTIKEY Novell eDirectory Self-Assignment | IDENTIKEY Novell eDirectory Password Replacement | OneSpan Authentication Server Appliance model for self-assignment for NetIQ eDirectory (formerly Novell eDirectory). | Local Auth = Default; Backend Auth = Always; Backend Protocol = Novell eDirectory; Assignment Mode = Self-Assignment; Search-Up-OU-Path = Yes |
IDENTIKEY RADIUS Password Replacement | IDENTIKEY Local Authentication | OneSpan Authentication Server Appliance model for password replacement using a RADIUS server for back-end authentication. | Backend Authentication=Always; Backend Protocol=RADIUS; Password Autolearn=Yes; Stored Password Proxy=Yes |
IDENTIKEY RADIUS Auto-Assignment | IDENTIKEY Local Authentication | OneSpan Authentication Server Appliance model for auto-assignment based on the RADIUS password replacement model. | Grace Period=7; Search Up OU Path=Yes; Assignment Mode=Self-Assignment |
IDENTIKEY RADIUS Self-Assignment | IDENTIKEY Local Authentication | OneSpan Authentication Server Appliance model for self-assignment based on the RADIUS password replacement model. | Search Up OU Path=Yes; Assignment Mode=Self-Assignment; Self Assignment Separator=\| |
IDENTIKEY Back End Authentication | Base Policy | OneSpan Authentication Server Appliance model for only back-end authentication. Change the back-end protocol to the one required. | Backend Protocol=RADIUS; Backend Authentication=Always |
IDENTIKEY DP110 Provisioning 1 | Base Policy | IDENTIKEY DP110 provisioning model scenario 1 - Activation codes are encrypted with pre-loaded static passwords. | Local Auth=DIGIPASS/Password during Grace Period; 1-Step Challenge/Response=Yes-Any challenge |
IDENTIKEY DP110 Provisioning 2 | Base Policy | IDENTIKEY DP110 Provisioning model scenario 2 - Dynamic Registration using back-end system. Change the back-end protocol to the one required. | Local Auth = DIGIPASS/Password during Grace Period; Back-End Authentication = Always; 1-Step Challenge/Response=Yes – Any challenge |
IDENTIKEY DP4Mobile Provisioning 1 | Base Policy | Mobile Authenticator Studio provisioning model scenario 1 | |
IDENTIKEY DP4Mobile Provisioning 2 | Base Policy | Mobile Authenticator Studio provisioning model scenario 2 | Local Authentication = DIGIPASS/Password during Grace Period; Backend authentication = NONE; DIGIPASS type: 'Mob30' |
IDENTIKEY DP4Mobile Provisioning 3 | Base Policy | Mobile Authenticator Studio provisioning model scenario 3 | Local Authentication = DIGIPASS/Password during Grace Period; Backend authentication = IF NEEDED; DIGIPASS type: 'Mob30' |
IDENTIKEY DP4Web Provisioning 1 | Base Policy | DIGIPASS for Web Provisioning model scenario 1 - Activation codes are encrypted with pre-loaded static passwords. | |
IDENTIKEY DP4Web Provisioning 2 | Base Policy | DIGIPASS for Web Provisioning model scenario 2 - pre-loaded user accounts and static passwords. | Local Auth = DIGIPASS/Password during Grace Period |
IDENTIKEY DP4Web Provisioning 3 | Base Policy | DIGIPASS for Web Provisioning model scenario 3 - Dynamic Registration using back-end system. Change the back-end protocol to the one required. | Local Auth = DIGIPASS/Password during Grace Period; DUR=Yes |
IDENTIKEY Deferred Time signature Verification | Base Policy | Deferred time signature verification settings: Time based. | Signature Time Window = 24 |
IDENTIKEY Real-Time signature verification 1 | Base Policy | Real-time signature verification settings: Time-based, several signatures are allowed in the same timestep but 2 identical successive signatures will be rejected. | Online signature level = 1 - Multiple Signatures allowed in same Time Step |
IDENTIKEY Real-Time signature verification 2 | Base Policy | Real-time signature verification settings: Time-based, one signature allowed per timestep. | Online signature level = 2 - Only 1 Signature/Time Step allowed |
IDENTIKEY Real-Time signature verification 3 | Base Policy | Deferred time signature verification settings: Event based, off-line mode. | Signature Time Window = 24 |
Windows logon online authentication - Windows Back-End | IDENTIKEY Local Authentication | Windows Logon with Windows back end | Back-End Authentication = Always; Back-End Protocol = Windows; Enable Random Password = No; Client Group List = ; Client Group Mode = No check; Offline Authentication = No |
Windows logon online authentication - LDAP AD Back-End | IDENTIKEY Local Authentication | Windows Logon for LDAP AD back end | Back-End Authentication = Always; Back-End Protocol = Microsoft AD; Enable Random Password = No; Client Group List = ; Client Group Mode = No check; Offline Authentication = No |
Windows logon online and offline authentication – Windows Back-End | Windows logon online authentication - Windows Back-End | Windows logon online and offline authentication for Windows back end | Offline Authentication = Yes; Offline Time Window (days) = 21; Offline Event Window = 300 |
Windows logon online and offline authentication – LDAP AD Back-End | Windows logon online authentication - LDAP AD Back-End | Windows logon online and offline authentication settings for LDAP AD back end | Offline Authentication = Yes; Offline Time Window (days) = 21; Offline Event Window = 300 |
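
The table lists only the settings each policy changes relative to its parent, so the values a policy actually enforces come from walking its parent chain back to the Base Policy. The Python sketch below is an added example, not OneSpan code: it transcribes a subset of the rows above into a dict (the layout and function names are assumptions), resolves effective settings, and lists the policies where locking is off (User Lock Threshold=0).

```python
# Added example: rows transcribed from a subset of the table above. The dict
# layout and function names are assumptions, not a OneSpan API or export format.
POLICIES = {
    "Base Policy": (None, {
        "User Lock Threshold": "3", "Local Authentication": "None",
        "Back-End Authentication": "None", "DUR": "No",
        "Password Autolearn": "No", "Stored Password Proxy": "No",
        "Search Up OU Path": "No"}),
    "IDENTIKEY Administration Logon": ("Base Policy", {
        "Local Authentication": "DIGIPASS/Password during Grace Period",
        "User Lock Threshold": "0"}),
    "IDENTIKEY Local Authentication": ("Base Policy", {
        "Local Authentication": "DIGIPASS/Password during Grace Period"}),
    "IDENTIKEY Windows Password Replacement": ("IDENTIKEY Local Authentication", {
        "Back-End Authentication": "Always", "Back-End Protocol": "Windows",
        "DUR": "Yes", "Assignment Mode": "Neither",
        "Password Autolearn": "Yes", "Stored Password Proxy": "Yes"}),
    "IDENTIKEY Windows Auto-Assignment": ("IDENTIKEY Windows Password Replacement", {
        "Assignment Mode": "Auto-Assignment", "Search Up OU Path": "Yes",
        "Grace Period": "7"}),
}

def chain(name, policies=POLICIES):
    """Return [name, parent, ..., root]; fail on unknown parents or cycles."""
    seen = []
    while name is not None:
        if name in seen:
            raise ValueError(f"inheritance cycle at {name!r}")
        if name not in policies:
            raise KeyError(f"unknown policy {name!r}")
        seen.append(name)
        name = policies[name][0]
    return seen

def effective(name, policies=POLICIES):
    """Merge overrides from the root down so the nearest policy wins."""
    merged = {}
    for ancestor in reversed(chain(name, policies)):
        merged.update(policies[ancestor][1])
    return merged

def lockout_disabled(policies=POLICIES):
    """Policies whose effective User Lock Threshold is 0 (locking off)."""
    return sorted(p for p in policies
                  if effective(p, policies).get("User Lock Threshold") == "0")

if __name__ == "__main__":
    print(effective("IDENTIKEY Windows Auto-Assignment"))
    print("Locking off:", lockout_disabled())
```

The same resolution applies to any custom policy added under these: a child that does not override User Lock Threshold or Stored Password Proxy silently keeps whatever its nearest ancestor set.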