To avoid replay attacks, you can restrict the maximum number of authenticators assigned to a user for specific authenticator types. This applies to single-device licensing (SDL) and multi-device licensing (MDL) authenticators, and authenticator instances (MDL only).
This feature is restricted to certain types of authenticators.
| Restrictions by authenticator type | ||
| Authenticator type | Description | Limit |
|---|---|---|
| TYP03 | MDL instance for authenticators on iOS, derived from the DAL10 authenticator type. | 10 instances per user |
| TYP07 | MDL instance for authenticators on Android, derived from the DAL10 authenticator type. | 10 instances per user |
| DAL10 | MDL license | 1 per user |
| VIR10 | Virtual authenticator | 1 per user |
If the limit has been exceeded, Intelligent Adaptive Authentication displays the following error message: The authenticator limit has been reached.
If a user account has 10 or more active instances of TYP00, TYP03, or TYP07, it will not be possible to activate more until enough instances have been deleted to be at or under the 10-instance limit.
This limit exceeded error affects the following endpoints:
The limit can be adjusted per tenant in the relevant authentication policies by a OneSpan administrator.