Domain considerations

OneSpan Authentication Server uses the concept of a master domain. This domain has special significance in two ways:

1. It is used as the default domain, when no domain is specified.

2. Only administrators in the master domain may be assigned the privilege to view data from all domains. Administrators in other domains can view data in their own domain only.

The default name for the master domain is master. If you prefer, you can specify another name when you add the database schema. If the schema has already been added, you can change the master domain name during an advanced installation.

In the basic installation, the default name master is used. To change it, use the Administration Web Interface.

You can use domains to create organizational structures and divide administration between specific organizational divisions (for example, where some administrators should only have access to a single group of users). These domains may mirror actual domains in the corporate network.

Domains and Organizational Units

Domains and organizational units are included in the ODBC database to mirror the data structure used by Active Directory.

Organizational units are designed to hold user accounts and authenticator records. They allow to group users according to department, job function, or other criteria. They also allow authenticators to be allocated for auto-assignment to single or multiple groups of users. Both, domains and organizational units can be used to limit administrators to a group of users and/or authenticators.