Login
    Contents x
    TID Local Authentication with Static Password (Policy)
    • 16 Oct 2024
    • 2 Minutes to read
    • Dark
      Light
    Contents

    TID Local Authentication with Static Password (Policy)

    • Updated on 16 Oct 2024
    • 2 Minutes to read
    • Dark
      Light
    Article summary

    The following is an overview of the relevant default settings of local authentication with static password with OneSpan Cloud Authentication.

    TID Local Authentication with static password—Default parameter settings    

    Parameter name

    Default value

    Description

    local_auth

    DIGIPASS or Password

    Local Authentication

    This specifies whether authentication requests using the policy will be handled by the Authentication component using local authentication.

    When local authentication is used, there are two factors that determine whether an authenticator is used for authentication – any policy restrictions on authenticator types and/or applications that can be used and whether the user account has any assigned authenticator that meets the restrictions. For example, if the policy requires a certain authenticator type, but the user has a different type, they cannot use the authenticator for authentication under that policy.

    This setting also affects the provisioning registration process.

    Possible values:

    • Default. Use the setting of the parent policy.

    • None. The Authentication component will not use local authentication under this policy. The authentications may be handled using back-end authentication or not handled at all by the authentication service.

    • DIGIPASS Only. The Authentication component will always use local authentication under this policy, using authenticator authentication. If authentication with authenticator is not possible, the user cannot log in. Back-end authentication may also be used.

    • DIGIPASS/Password During Grace Period.  The Authentication component will always use local authentication under this policy. The static password can only be used within a (configurable) grace period until an authenticator is used the first time. Back-end authentication may also be used.

    • DIGIPASS or Password. This authentication mode allows users to permanently use their static password or their authenticator. This is possible even after the grace period has expired and/or they have previously already used their authenticator for authentication. The grace period also expires after a successful MDL activation, either using an OTP or a signature validation.

    static_pwd_max_age

    0

    Maximum Age in Days

    This specifies the maximum amount of time in days during which a local static password is valid. After this time, the password expires. Applies to the local authentication mode DIGIPASS or Password only.

    If set to 0, the local static password never expires. Select this to disable local static password expiration if you are using back-end authentication, and to rely on the back-end system to enforce password expiration.

    Changes in back-end authentication settings must be implemented by OneSpan administrators.

    Possible values: 09999

    static_pwd_min_age

    0

    Minimum Age in Days

    This specifies the minimum amount of time in days a static password must be used before it can be changed. It applies to the local authentication mode DIGIPASS or Password only.

    Was this article helpful?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout
    ESC

    Ozzy, our interactive help assistant