Query filters

Queries can be defined from user, authenticator, and audit data fields. The fields listed below are available for selection when you define a query.

Query fields

The user query fields can be referred to in the XSLT templates.

Table: Query fields – User
Display name Data type Accepted values
User:Back-End Authentication String
  • Default
  • None
  • If Needed
  • Always
User:Created time Date

Format:

  • yyyy-mm-dd hh:mm:ss
  • yyyy/mm/dd hh:mm:ss
User:Description String  
User:Disabled Boolean
  • 0
  • 1
User:Domain String  
User:Email String  
User:Expiration Date Date

Format:

  • yyyy-mm-dd hh:mm:ss
  • yyyy/mm/dd hh:mm:ss
User:Has Digipass String
  • Assigned
  • Unassigned
User:Last Authentication Date  
User:Local Authentication String
  • Default
  • None
  • Digipass Only
  • Digipass/Password
  • DIGIPASS or Password
User:Lock Count Number  
User:Locked Boolean
  • 0
  • 1
User:Mobile String  
User:Modified time Date

Format:

  • yyyy-mm-dd hh:mm:ss
  • yyyy/mm/dd hh:mm:ss
User:Organizational Unit String  
User:Phone String  
User:Status String  
User:User ID String  
User:User Name String  
User Attributes:* String  
Table: Query fields – Authenticator
Display name Data type Accepted values
Digipass:Application Names String Comma-separated list of authenticator application names.
Digipass:Application Types String Comma-separated list of authenticator application types.
Digipass:Assigned Date

Format:

  • yyyy-mm-dd hh:mm:ss
  • yyyy/mm/dd hh:mm:ss

Digipass:Backup VDP Enabled

String

  • Default
  • No
  • Yes – Permitted
  • Yes – Required
  • Yes – Time Limited
Digipass:Backup VDP Expires Date

Format:

  • yyyy-mm-dd hh:mm:ss
  • yyyy/mm/dd hh:mm:ss
Digipass:Backup VDP Uses Left Number  
Digipass:Created time Date

Format:

  • yyyy-mm-dd hh:mm:ss
  • yyyy/mm/dd hh:mm:ss
Digipass:Description String  
Digipass:Digipass Type String 5-character code.
Digipass:Domain String  
Digipass:Expiration Date Date

Format:

  • yyyy-mm-dd hh:mm:ss
  • yyyy/mm/dd hh:mm:ss
Digipass:Grace Period End Date

Format:

  • yyyy-mm-dd hh:mm:ss
  • yyyy/mm/dd hh:mm:ss
Digipass:Modified time Date

Format:

  • yyyy-mm-dd hh:mm:ss
  • yyyy/mm/dd hh:mm:ss
Digipass:Serial Number String  
Digipass:Status String
  • Assigned
  • Unassigned
Digipass:User ID String User ID of the user the authenticator is assigned to.
Table: Query fields – Audit
Display name Data type Accepted values
Audit:Action String  
Audit:AMID String  
Audit:Application String  
Audit:Area String  
Audit:Back-End Authentication String  
Audit:Category String  
Audit:Characteristics String  
Audit:Client Description String  
Audit:Client Location String  
Audit:Client Type String  
Audit:Code String For a list of possible codes and messages used by the audit system, see Audit messages.
Audit:Command String  
Audit:Configuration Details String  
Audit:Credentials String  
Audit:Data Source String  
Audit:Data Source Location String  
Audit:Description String For a list of possible codes and messages used by the audit system, see Audit messages.
Audit:Downtime Number  
Audit:Error Code Number For a list of error codes used by OneSpan Authentication Server, see Error messages.
Audit:Error Details String For a list of error codes used by OneSpan Authentication Server, see Error messages.
Audit:Error Message String For a list of error codes used by OneSpan Authentication Server, see Error messages.
Audit:Expiration Date Date

Format:

  • yyyy-mm-dd hh:mm:ss
  • yyyy/mm/dd hh:mm:ss
Audit:Fields String  
Audit:From String  
Audit:Input Details String  
Audit:IP Address IP Address

Required. Valid IPv4 address range using CIDR notation to filter audit messages, if the client IP address is either within the specified address range or not.

Can be used with the following conditions only:

  • is part of
  • is not part of
Audit:Local Authentication String  
Audit:Message String For a list of possible codes and messages used by the audit system, see Audit messages.
Audit:Object String  
Audit:Operation String  
Audit:Outcome String  
Audit:Output Details String  
Audit:Password Protocol String  
Audit:Policy ID String  
Audit:Quota Number  
Audit:RADIUS Octets Input Number The number of bytes sent by the user.
Audit:RADIUS Octets Output Number The number of bytes received by the user.
Audit:RADIUS Status Type String The audit function performed, e.g. start, stop, update.
Audit:Reason String  
Audit:Request ID String  
Audit:Request Type String  
Audit:Server Location String  
Audit:Session ID String  
Audit:Session Time Number How long the user has been connected, in seconds.
Audit:Source String  
Audit:Source Location String  
Audit:Timestamp Date

Format:

  • yyyy-mm-dd hh:mm:ss
  • yyyy/mm/dd hh:mm:ss
Audit:To String  
Audit:Type String  
Audit:Type code Number  
Audit:User Location String  
Audit:Version String  

Two or more values after the operator will be interpreted as if the word 'and' is between them (logical AND).

Date field queries

Any query field, which is a date field can have the following filter applied to it.

Use one of the following operators:

  • is less than or equal to
  • is greater than or equal to

Then specify one or more days, weeks, or months from now, where now is taken to be the current date.

The filter must be in the following format:

  • 1 day from now
  • 6 weeks from now
  • 5 years from now

You need to use the exact spelling and the exact number of spaces. The number must be a numeric character. The filter is not case-sensitive.

The words from now can be replaced with ago. For example, the following term will select information 3 years old or older:

is greater than or equal to 3 years ago