If maker–checker authorization is enabled, certain operations initiated by one administrator (maker) can only be executed after approval and authorization by another administrator (checker).
The so-called maker–checker authorization is an optional feature that can be enabled/disabled in the OneSpan Authentication Server Administration Web Interface to provide an additional layer of authorization. By enabling this feature, the setting is replicated system-wide over all OneSpan Authentication Server instances.
This authorization mechanism introduces a four-eyes principle, in which the authorization process requires two different individuals to complete an administrative operation, specifically:
Creating a user accountMaker–checker authorizationMaker–checker authorizationMaker–checker authorization
Deleting a user account
Assigning an authenticator
Unassigning an authenticator
For more information, see Administration using maker–checker authorization.