TID Local Authentication (Policy)
  • 18 Oct 2024
  • 2 Minutes à lire
  • Sombre
    Lumière

TID Local Authentication (Policy)

  • Sombre
    Lumière

The content is currently unavailable in French. You are viewing the default English version.
Résumé de l’article

The following is an overview of the relevant default settings of local authentication with Intelligent Adaptive Authentication.

  • Parent policy: Identikey Local Authentication

  • Applicable mode(s):

    • Create

    • Update

TID Local Authentication—Default parameter settings

Parameter name

Default value

Description

appl_type

Response-Only

Application Type

This controls which authenticator application type (e.g. Response-Only, Challenge/Response) may be used.

Possible values:

  • Default. Use the setting of the parent policy.

  • No Restriction. Any type of authenticator application may be used.

  • Response Only. Only authenticator applications of type RO (Response-Only) or MM (multi-mode) may be used.

  • Challenge/Response. Only authenticator applications of type CR (Challenge/Response) or MM (multi-mode) may be used.

  • Signature. Only authenticator applications of type SG (Signature) or MM (multi-mode) may be used.

  • Multi-Mode. Only authenticator applications of type MM (multi-mode) may be used.

pvdp_req_method

None

Request Method

The method by which a user has to request a Virtual Mobile Authenticator login. The request is made in the password field during login. The request will be ignored if the user does not have a Virtual Mobile Authenticator assigned.

Possible values:

  • Default. Use the setting of the parent policy.

  • None. Do not use primary Virtual Mobile Authenticator.

  • Keyword. Use the request keyword, with or without another item. The user needs to type the request keyword into the password field. This can be blank.

  • Keyword Only. Only the keyword will be accepted.

  • Password. Use the static password. The user needs to type the static password into the password field.

  • KeywordPassword. Use the request keyword followed by the static password. The user needs to type the request keyword followed by the static password into the password field. No separator characters or white spaces are allowed between them.

  • PasswordKeyword. Use the static password followed by the request keyword. The user needs to type the static password followed by the request keyword into the password field. No separator characters or white spaces are allowed between them.

initial_window

1 hour

Initial Time Window

This controls the maximum allowed time variation between an authenticator and the host system, the first time that the authenticator is used. The time is specified in hours.

This Initial Time Window is also used directly after a Reset Application operation, which can be used if it appears that the internal clock in the authenticator has drifted too much since the last successful login. This only applies to time-based authenticators when verifying an OTP.

In either case, after the first successful login, the initial time window is no longer active.

event_window

10 events

Event Window

This controls the maximum allowed number of event variations between an authenticator application and the host system during login. This only applies to event-based authenticator applications and always applies for OTP verification. For signature validation, it depends on the online signature level setting whether the event window is used or not.


Cet article vous a-t-il été utile ?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.
ESC

Ozzy, facilitant la découverte de connaissances grâce à l’intelligence conversationnelle