Settings
  • 06 Jan 2025


Table: System fields
Field name | Description
Settings

Hostname

This is the internal name of OneSpan Authentication Server Appliance and is used for the following:

  • To uniquely identify log lines when sent to a remote syslog server. For more information refer to the OneSpan Authentication Server Appliance Product Guide, Section "Logging".
  • To identify a OneSpan Authentication Server Appliance instance in a replication setup.
Time
Time zone | Each log line and audit event in OneSpan Authentication Server Appliance is generated with a time stamp. This time zone field determines the time offset of the time stamp. We recommend setting the time zone to UTC (= Greenwich Mean Time) for an efficient support service.
NTP Servers | List of NTP servers used in the company network. The Network Time Protocol (NTP) is designed to synchronize the clocks of computers over a network. If multiple servers are specified, the NTP service will attempt to synchronize with all of them. To provide redundancy, it is good practice to configure multiple servers. In general, best accuracy is obtained by using servers that have a low network latency.

Authentication settings 

Table: Authentication Settings fields
Field name | Description
Sysadmin User
Enabled | Clear this option to disable the sysadmin user.
Password | Change the password of the sysadmin user.
OneSpan Authentication Server Web Administration
Share IAS Web Administration Session

Select this option to enable session sharing between the OneSpan Authentication Server Appliance Configuration Tool and the OneSpan Authentication Server Administration Web Interface. If enabled, users with the Appliance Administration privilege can log in once, either to the Configuration Tool or the Administration Web Interface, to access both applications.

Selecting/clearing this option takes effect only for new sessions and does not affect existing sessions.

Rescue Users
Number of Additional Logins Required | Use this field to specify the number of credential sets required in addition to the rescue login. This is to protect the rescue facility, and enable only a certain set of administrators to use the features it provides. By default, the rescue login does not have a password.
Rescue Users | Click Add Rescue User and enter the user name and password. Click Save. The number of users defined here must correspond to the number specified via the Number of Additional Logins Required field.

Network settings

Table: Network Settings fields
Field name | Description
Address and Routing
IP Address | List of the IP addresses of OneSpan Authentication Server Appliance used to communicate within the company network. The Classless Inter-Domain Routing (CIDR) notation is used, for instance 192.168.0.100/24.
Default Gateway | The default gateway is a server in your network which routes the traffic from OneSpan Authentication Server Appliance to the outside network. Enter the default gateway for your network.
DNS Settings
DNS Suffixes | List of domain suffixes. The DNS search path or DNS suffix is used to complete a partial DNS name whenever a DNS lookup is performed, for example 'intranet' is completed to 'intranet.mycompany.com'. Enter the domain used within your company in this field. A partial DNS name is completed with each domain starting from the top of the list until a valid DNS name is found.
DNS Servers | List of DNS servers used in your network. A DNS server is used to convert human-readable DNS names into IP addresses used in the network. The first entry in the list is used to perform DNS resolving. A subsequent server in the list is used if the previous DNS server in the list is unavailable.
Proxy Server
A proxy server is used in larger companies and organizations to improve network operations and security. It can be used to prevent direct communication between two or more networks. A proxy server forwards all allowed data requests to remote servers. The use of a proxy server is optional. Proxy authentication works for basic authentication and DIGEST authentication, but not for form-based authentication.
Use Proxy Server for HTTP(S) | Select the checkbox to enable/disable use of a proxy server.
Proxy Server | Enter the IP address of the proxy server used in your network.
Port | Enter the IP port used to contact your proxy server.
Enable Authentication | Select the checkbox to enforce authentication for HTTP(S) access through the proxy server.
User Name | Enter the user name to authenticate towards the proxy server in your network before a connection is allowed.
Password | Enter the password for the supplied user name to authenticate towards the proxy server in your network before a connection is allowed.

SNMP

These settings allow you to define SNMP traps, SMS and email warnings for critical system OS events. For more details about system monitoring, see System monitoring.

Table: SNMP Settings fields 
Field name | Description
SNMP
Enable SNMP v2c

Select this option to enable the Simple Network Management Protocol (SNMP) v2c. This allows you to use an SNMP client to manage and monitor OneSpan Authentication Server Appliance. SNMP v2c: SNMPv2 (RFC 1441–RFC 1452) includes improvements in the areas of performance, security, confidentiality, and manager-to-manager communications.

SNMP v1 is also supported by selecting the v2c option.

With this option enabled, the following options also need to be configured:

  • Read community. Defines the relationship between the OneSpan Authentication Server Appliance SNMP server and the client system. The community string acts as a password to control the clients' access to the server.
  • Allow query from. Specifies the sources from which the OneSpan Authentication Server Appliance SNMP server can be consulted. You can specify an IP address or range of IP addresses; netmask is required.
Enable SNMP v3

Select this option to enable the Simple Network Management Protocol (SNMP) v3. This allows you to use an SNMP client to manage and monitor OneSpan Authentication Server Appliance. SNMP v3 is defined per RFC 3411–RFC 3418 (also known as 'STD0062'). SNMP v3 primarily added security and remote configuration enhancements to SNMP, such as authentication and message integrity.

With this option enabled, the following options also need to be configured to enable connection to the OneSpan Authentication Server Appliance SNMP server:

  • Authentication user name (i.e. security name)
  • Authentication password
  • Authentication type (MD5 or SHA)
  • Privacy password, i.e. the secret key used by privacy protocol for encrypting/decrypting messages.
  • Privacy type. This indicates which privacy protocol to use (AES or DES).
Settings
Contact | The contact information of the OneSpan Authentication Server Appliance administrator.
Location | The location of OneSpan Authentication Server Appliance.
Download VASCO MIB files | Download link for the MIB files provided by OneSpan for use with SNMP. For more information about MIB files, see MIB.
SNMP Traps
Enable v2 Traps | Enable SNMP v2 traps. With this option enabled, you also need to configure a Community (i.e. security name).

These options enable SNMP traps for operating system events. When enabling a trap, you will also need to configure a target host (i.e. the IP address of the SNMP host).

When enabling v3 traps or v3 inform, you also need to configure the following options:

  • Authentication user name (i.e. security name)
  • Authentication password
  • Authentication type (None, MD5, or SHA)
  • Privacy password, i.e. the secret key used by privacy protocol for encrypting/decrypting messages.
  • Privacy type. This indicates which privacy protocol to use (None, AES, or DES).
  • EngineID text. SNMP v3 requires an SNMP agent to define a unique “engine ID” to respond to SNMP v3 requests. The text in this field will be appended to the OneSpan Authentication Server Appliance engine ID in hex (e.g. 0x80001f8804TEXTINHEX).
Enable v3 Traps | Enable SNMP v3 traps.
Enable SNMP v3 Inform Requests

Enable SNMP v3 inform. With this trap, you need to configure options identical to those for Enable v3 traps.
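
The EngineID text rule and the v3 authentication/privacy choices described above, as an added example that is not OneSpan code: it builds the engine ID a trap receiver has to be configured with and reviews a v3 profile for weak or invalid combinations. It assumes the text is ASCII, that the prefix is the one shown in the page's example, and that the receiver is Net-SNMP's snmptrapd; the user name and sample text are placeholders.

```python
# Added example (not vendor code): build the SNMPv3 engine ID a trap receiver
# must be configured with, and review a v3 trap profile for weak settings.

# Prefix taken from the page's example 0x80001f8804TEXTINHEX. The fifth octet
# (04) marks the remainder as administratively assigned text (RFC 3411).
ENGINE_ID_PREFIX = "80001f8804"
MAX_TEXT_OCTETS = 27  # RFC 3411: an engine ID is at most 32 octets in total


def engine_id(text: str) -> str:
    """Return the engine ID as hex: prefix followed by the text's bytes."""
    raw = text.encode("ascii")  # assumption: ASCII text; raises on anything else
    if not 1 <= len(raw) <= MAX_TEXT_OCTETS:
        raise ValueError(f"EngineID text must be 1..{MAX_TEXT_OCTETS} octets")
    return "0x" + ENGINE_ID_PREFIX + raw.hex()


def review_v3_profile(auth_type: str, priv_type: str) -> list[str]:
    """Return findings for an Authentication type / Privacy type pair."""
    auth, priv = auth_type.upper(), priv_type.upper()
    findings = []
    if auth == "NONE" and priv != "NONE":
        findings.append("invalid: USM has no privacy-without-authentication level")
    if auth == "NONE":
        findings.append("noAuth: traps are not authenticated or integrity-protected")
    elif auth == "MD5":
        findings.append("weak: MD5 authentication, prefer SHA")
    if priv == "NONE":
        findings.append("noPriv: trap contents cross the network in clear text")
    elif priv == "DES":
        findings.append("weak: DES privacy, prefer AES")
    return findings


def snmptrapd_user_line(text: str, user: str, auth_type: str, priv_type: str) -> str:
    """Receiver-side createUser line for snmptrapd.conf (assumed Net-SNMP receiver)."""
    return (f"createUser -e {engine_id(text)} {user} {auth_type} "
            f'"<AUTH_PASSWORD>" {priv_type} "<PRIVACY_PASSWORD>"')


if __name__ == "__main__":
    # Constructed sample values; "asa01" and "trapuser" are placeholders.
    print(engine_id("asa01"))
    print(snmptrapd_user_line("asa01", "trapuser", "SHA", "AES"))
    for auth, priv in [("SHA", "AES"), ("MD5", "DES"), ("None", "None")]:
        print(auth, priv, review_v3_profile(auth, priv) or "ok")
```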

Logging and auditing settings

This interface allows you to configure system logging and to automatically delete audit logs.

Logging

This interface contains sections for both local and remote logging. With remote logging, log lines are forwarded to a remote syslog server. To enable this, you need to specify one or more syslog server(s).

The OneSpan Authentication Server Appliance Configuration Tool generates information in the logging system. This logging system does not contain information from the OneSpan Authentication Server component. For more information about the OneSpan Authentication Server Appliance logging system, refer to the OneSpan Authentication Server Appliance Product Guide, Section "Logging".

Automatically delete audit logs

To optimize performance, limit disk space usage, and/or implement a retention policy, it can be useful to limit the duration for keeping audit logs.

OneSpan Authentication Server Appliance stores its audit logs in partitions in a database. Partitions are either created automatically once every month or whenever the previous partition reaches 500 MB.

When configuring OneSpan Authentication Server Appliance to automatically delete audit logs, partitions older than the configured time will be automatically deleted.

If you require finer-grained control for your retention policy, the preferred method is to configure a scheduled delete task in OneSpan Authentication Server Administration Web Interface.

Table: Logging Settings fields
Field name | Description
Logging
Level

Select the logging level.

The logging system can be configured to generate information at different priority levels. When specifying a level, OneSpan Authentication Server Appliance will log all messages at that priority level and higher; for example, when Error is the specified logging level, OneSpan Authentication Server Appliance will log all error and critical messages.

The following levels are available (in order of descending priority):

  • Critical. A system-critical warning that services may not be running.
  • Error. Action is required, although services may still be running.
  • Warning. Not an error, but an indication that an error may occur if action is not taken.
  • Notice. Events which are unusual but not error conditions. No immediate action required.
  • Info. Normal operational messages, may be collected for reporting etc. No action required.
  • Debug. Information useful to debug the application. Not useful during operations.
Remote Logging
Syslog Servers | The IP address of the remote syslog server.
Level | Select the level for remote logging.
Automatically Delete Audit Logs
Delete Audit Logs | Enable automatic deletion of audit logs. By default, audit logs are not deleted.
Keep For | Amount of time to keep audit logs. Audit logs in partitions older than this amount of time will be deleted.
Period | Indicates whether the value entered in the Keep For field is expressed in days or months.

Notifications

These settings allow you to define SNMP traps, SMS or email warnings for OneSpan Authentication Server Appliance Configuration Tool events.

Table: Notification Settings fields 
Field name | Description
Enabled | If selected, notifications are enabled.
Filters

List of notification filters. Notification filters restrict the audit messages that are monitored.

Click Add filter to add a new filter (see Add filter).

Targets

List of notification targets. Notification targets define where and how notifications are sent.

Click Add target to add a new target (see Add target).

Add filter

 

Table: Notification Filter fields 
Field name | Description
Enabled | If selected, the filter is enabled.
Name | The filter name used to distinguish between different filters.
Target

A target as specified in the Targets section (see Add target).

Filter

Optional. List of audit filters. Filters restrict the audit messages that are monitored. A filter defines a match criterion that must be met to trigger a notification.

Click Add to define a new audit filter.

You can configure a notification to be sent to multiple recipients/channels by adding multiple targets to a single filter.

Severity

The severity settings allow you to select conditions to monitor. You can choose multiple condition types:

  • Error
  • Success
  • Warning
  • Failure
  • Info

Add target

Table: Notification Target fields
Field name | Description
Type

The notification target type.

Possible values:

  • SNMP
  • Email
  • SMS
Name | The target name used to distinguish between different notification targets.
SNMP
Host | The IP address of the SNMP host to which SNMP traps will be sent.
Type

The SNMP notification type.

Possible values:

  • INFORM. This type expects an acknowledgement and will resend the message until it gets a response.
  • TRAP. This is an SNMP v3 trap. For this notification target, an engine ID field is displayed (read-only) which is required to configure the server.
  • TRAPv2c. This is an SNMPv2c trap.
User Name | The user name for SNMP v3.
Authentication Type

Required, if SNMP Type is set to INFORM or TRAP. Specifies whether messages sent and received on behalf of this user can be authenticated, and if so, which authentication protocol to use.

Possible values:

  • MD5
  • SHA
Authentication Secret | Required, if SNMP Type is set to INFORM or TRAP. Passphrase used to create the authentication key.
Privacy Type

Available, if SNMP Type is set to INFORM or TRAP. Specifies whether messages sent and received on behalf of this user can be encrypted, and if so, which encryption protocol to use.

Possible values:

  • AES
  • DES
  • None
Privacy Secret | Available, if SNMP Type is set to INFORM or TRAP. Passphrase used to create the encryption key.
Communitystring | Required, if SNMP Type is set to TRAPv2c.
Email
From | The sender's email address.
Subject | The message subject header field.
To | The recipient's email address.
SMS
Mobile | The phone number to send the message to.

For more information about notification targets in general, refer to the OneSpan Authentication Server Appliance Administrator Guide; for more information on SNMP traps as notification targets and trap parameters, see SNMP trap parameters.

Configtool settings

Table: Configtool Settings fields
Field name | Description
Limit Access To Networks

List of IP addresses of client computers that are allowed to access the Configuration Tool. The Classless Inter-Domain Routing (CIDR) notation can be used to specify IP address blocks, e.g. 192.168.0.100/24. If this list is empty, any client computer can access the OneSpan Authentication Server Appliance Configuration Tool.

Default setting:

If you inadvertently lock yourself out by setting this option to an incorrect value, you can reset it using the Rescue Tool.

Maximum Configtool Session Length (minutes)

The time span a Configuration Tool session remains active before OneSpan Authentication Server Appliance terminates it automatically. The value is given in minutes.

Default setting: 45

Configtool HTTPS Certificate

The certificate used to encrypt connections to the Configuration Tool. The list contains all valid certificates created/imported using the Certificate Management tab (see Certificate management).

A default certificate for the Configuration Tool is created automatically during setup. A new default certificate is automatically created whenever you change the hostname.
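
A pre-save check for the Limit Access To Networks field described above, as an added example that is not part of the product: it applies the documented rule that an empty list admits any client and reports administrator addresses that the proposed list would lock out. It assumes IPv4 entries, that an entry with host bits set such as 192.168.0.100/24 is read as the enclosing block, and a /16 breadth threshold chosen only for this example.

```python
import ipaddress

# Assumed policy threshold for this example, not an appliance setting.
BROADEST_PREFIX = 16


def parse_allowlist(entries):
    """Parse entries written as single addresses or CIDR blocks."""
    # strict=False accepts entries with host bits set, such as the page's own
    # example 192.168.0.100/24, and reads them as the enclosing block.
    return [ipaddress.ip_network(e.strip(), strict=False)
            for e in entries if e.strip()]


def is_allowed(client_ip, networks):
    """Mirror the documented rule: an empty list admits any client."""
    if not networks:
        return True
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in networks)


def review_allowlist(entries, admin_ips):
    """Return (severity, message) findings to resolve before saving."""
    networks = parse_allowlist(entries)
    if not networks:
        return [("high", "list is empty: any client can reach the Configuration Tool")]
    findings = []
    for ip in admin_ips:
        if not is_allowed(ip, networks):
            findings.append(("high", f"{ip} would be locked out"))
    for net in networks:
        if net.prefixlen < BROADEST_PREFIX:
            findings.append(("medium", f"{net} is broader than /{BROADEST_PREFIX}"))
    return findings


if __name__ == "__main__":
    # Constructed sample input: a proposed field value and admin workstations.
    proposed = ["192.168.0.100/24", "10.0.0.0/8"]
    admins = ["192.168.0.17", "172.16.4.9"]
    for severity, message in review_allowlist(proposed, admins):
        print(severity, message)
```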

Certificate management

This tab is used to manage all server and certification authority (CA) certificates used by all components of OneSpan Authentication Server and OneSpan Authentication Server Appliance, respectively.

Table: Certificates fields
Field name | Description
Server Certificates

Server certificates contain public and private keys and are used to secure connections to a server or a component using SSL, e.g. SEAL communicator, SOAP communicator, Configuration Tool, etc.

Some server certificates are created by the built-in certification authority (CA) during installation.

Subject | The entity associated with the public key stored in the certificate.
Description | An optional description of the server certificate. Can be changed.
Issued By | The authority which issued this certificate.
Expiry | Shows how long the certificate is still valid. The value is given in days.
In Use | Shows how many components are currently using this server certificate.
Trusted Root Certificate Authorities
Trusted certification authority (CA) certificates are typically used to determine which client certificates to trust. Trusted CA certificates often come in bundles containing several different trusted root CAs.
Description | An optional description of the trusted root CA certificate/bundle. Can be changed.
Content | The entity associated with the public key stored in the certificate, or, if the item is a CA certificate bundle, the number of CAs in the bundle.
Expiry | Shows how long the CA certificate/bundle is still valid. The value is given in days.
In Use | Shows how many components are currently using this CA certificate/bundle.
IDENTIKEY Appliance Root CA
OneSpan Authentication Server Appliance contains a built-in certification authority (CA) used to sign all automatically generated default certificates. This list contains the root CA certificate for the OneSpan Authentication Server Appliance CA.
Description | A description of the root CA certificate.
Content | The entity associated with the public key stored in the certificate.
Expiry | Shows how long the CA certificate is still valid. The value is given in days.

For more information about managing your certificates, refer to the OneSpan Authentication Server Appliance Administrator Guide, Section "Managing certificates".

