TID Cloud Authentication (Policy)
  • 18 Oct 2024

The following is an overview of the relevant default settings of cloud authentication with Intelligent Adaptive Authentication.

  • Parent policy: Identikey Local Authentication

TID Cloud Authentication—Default parameter settings    

Parameter name | Default value | Description

custom_request_body | yes | Allow Custom Request Body

If true, all Secure Channel policy settings can be overwritten by providing a valid request body attribute in the request.

pvdp_req_method | KeywordOnly | Request Method

The method by which a user has to request a Virtual Mobile Authenticator login. The request is made in the password field during login. The request will be ignored if the user does not have a Virtual Mobile Authenticator assigned.

Possible values:

  • Default. Use the setting of the parent policy.

  • None. Do not use primary Virtual Mobile Authenticator.

  • Keyword. Use the request keyword, with or without another item. The user needs to type the request keyword into the password field. The keyword can be blank.

  • KeywordOnly. Only the keyword will be accepted.

  • Password. Use the static password. The user needs to type the static password into the password field.

  • KeywordPassword. Use the request keyword followed by the static password. The user needs to type the request keyword followed by the static password into the password field. No separator characters or white spaces are allowed between them.

  • PasswordKeyword. Use the static password followed by the request keyword. The user needs to type the static password followed by the request keyword into the password field. No separator characters or white spaces are allowed between them.

pvdp_req_keyword | votp | Request Keyword

This defines the request keyword that a user must enter to request a primary Virtual Mobile Authenticator login. This applies if a method using a keyword is selected in Request Method. This can be blank.

vdp_delivery_method | Email | Delivery Method

The method used to deliver the Virtual Mobile Authenticator.

Possible values:

  • Default. Use the setting of the parent policy.

  • Email. Deliver the OTP via email. The user account must have a configured email address.

  • SMS. Deliver the OTP via SMS. The user account must have a configured mobile phone number.

  • Voice. Deliver the OTP via voice channel (i.e. dictated over a phone line). The user account must have a configured mobile phone number.

This field also allows you to specify one of the following combinations of delivery methods:

  • Email and SMS

  • SMS and Voice

  • Email and Voice

vdp_mdc_profile | - | MDC profile

This setting can only be changed by OneSpan administrators!

The MDC profile to use for this delivery method. It defines a specific group of settings for a particular delivery method. If no MDC profile is specified in this field, the highest-ranked, enabled, and available MDC profile for the specified delivery method(s) will be used.

The MDC profile name is not unique, so more than one MDC profile with the same name may exist for this delivery method. In that case, the highest-ranked, enabled, and available MDC profile with the specified name will be used.

pn_msg_title | Login Request | Message Title

The text that will be used as the title of push notifications sent for authentication and signature operations.

pn_msg_subject | Tap here to confirm login | Message Subject

The text that will be used as the subject of push notifications sent for authentication and signature operations.

pn_auth_timeout | 60 | Authentication Timeout

The time span in seconds during which authentication via a particular push notification message is possible, i.e. the time span between sending a push notification to a mobile device, and the response from the OneSpan Mobile Authenticator app. When the timeout period has elapsed, authentication using the push notification message will fail. This time span can be extended per tenant.

Possible values:

  • 0–300

initial_window | 1 hour | Initial Time Window

This controls the maximum allowed time variation between an authenticator and the host system, the first time that the authenticator is used. The time is specified in hours.

This Initial Time Window is also used directly after a Reset Application operation, which can be used if it appears that the internal clock in the authenticator has drifted too much since the last successful login. This only applies to time-based authenticators when verifying an OTP.

In either case, after the first successful login, the initial time window is no longer active.

event_window | 10 events | Event Window

This controls the maximum allowed number of event variations between an authenticator application and the host system during login. This only applies to event-based authenticator applications and always applies for OTP verification. For signature validation, it depends on the online signature level setting whether the event window is used or not.
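
As an added illustration (not OneSpan code), this sketch models how the password field could be matched against the Request Method and Request Keyword settings described above. The function name and its parameters are assumptions; the Default method (inherits the parent policy) and the Keyword method ("with or without another item") are left out because the page does not fully specify them.

```python
import hmac


def requests_virtual_otp(field, method, keyword, static_password, has_vma=True):
    """Return True if the password-field input is a Virtual Mobile
    Authenticator login request under the given Request Method.

    Hypothetical model of pvdp_req_method / pvdp_req_keyword; the real
    server logic is not shown on the page.
    """
    # The request is ignored if the user has no Virtual Mobile
    # Authenticator assigned, or if the method is None.
    if not has_vma or method == "None":
        return False

    if method == "KeywordOnly":
        expected = keyword
    elif method == "Password":
        expected = static_password
    elif method == "KeywordPassword":
        # No separator characters or white space between the two parts.
        expected = keyword + static_password
    elif method == "PasswordKeyword":
        expected = static_password + keyword
    else:
        raise ValueError("method not modelled in this sketch: " + method)

    # Constant-time comparison, since the expected value may contain
    # the user's static password.
    return hmac.compare_digest(field.encode("utf-8"), expected.encode("utf-8"))


if __name__ == "__main__":
    # Constructed sample values: default keyword from the page, made-up password.
    kw, pw = "votp", "S3cret!"
    for method, typed in [("KeywordOnly", "votp"),
                          ("KeywordPassword", "votpS3cret!"),
                          ("KeywordPassword", "votp S3cret!"),
                          ("PasswordKeyword", "S3cret!votp")]:
        print(method, repr(typed), requests_virtual_otp(typed, method, kw, pw))
```

Under this model, a blank Request Keyword combined with KeywordOnly means an empty password field counts as a delivery request, which is worth checking when reviewing a policy.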
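
An added example (not from the original page or from OneSpan) of what an event window does during OTP verification. HOTP (RFC 4226) is used as a stand-in because the page does not say which OTP algorithm the authenticator uses; the function names, the look-ahead interpretation of the window, and the resynchronization step are assumptions.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value for one event counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_event_otp(secret, server_counter, otp, event_window=10):
    """Check an OTP against the server counter plus a look-ahead window.

    Returns (accepted, new_server_counter). On success the server counter
    moves past the matched event, so the same OTP cannot be replayed.
    """
    for ahead in range(event_window + 1):
        candidate = server_counter + ahead
        if hmac.compare_digest(hotp(secret, candidate), otp):
            return True, candidate + 1
    # Outside the window: reject and leave the server state untouched.
    return False, server_counter


if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 4226 test secret, not a real key
    # The authenticator generated 9 codes that never reached the server.
    otp = hotp(secret, 9)
    print(verify_event_otp(secret, 0, otp, event_window=10))  # within window
    print(verify_event_otp(secret, 0, otp, event_window=5))   # too far ahead
```

Every extra event in the window is one more OTP value the server will accept at a given moment, so a larger window tolerates more drift at the cost of guess resistance.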

