USERSUser Account (tab)

The USERS > User Account tab contains information about the user account.

Table: USERS - User Account tab
Field name Description
User ID The ID of the selected user.
Organizational Unit

This lists the organizational unit in which the user is located. This is optional as the user does not have to be located in an organizational unit.

Read only. The Move command must be used to change this.

Last Authentication

The date and time of the last authentication for this user. This field is used to determine how many days an account has remained inactive. This field will be populated for the first time during the first authentication.

Account Status

Specifies whether a user account is enabled or disabled. If disabled, all requests for the user will be rejected by OneSpan Authentication Server.

The Disable and Enable commands are used to change this, but it can also be changed when creating or editing the user account.

Expires It is possible to set the date on which the user account cannot longer be used for authentication. This field is typically used for temporary users such as contractors or external auditors. OneSpan Authentication Server does not automatically delete expired users.
Lock Count

Specifies whether a user account is locked or not. If locked, all requests for the user will be rejected by OneSpan Authentication Server.

The locked indicator is normally set automatically when the user exceeds a certain number of failed authentication attempts. The User Lock Threshold is set in the policy.

The Unlock command is used to change this, but it can also be changed when editing the user account.

Static Password

The static password. This may be used for static password checking by OneSpan Authentication Server or may be a record of a password in a back-end system.

In view mode, the system will only show whether a password is set or not.

The Set Password and Reset Password commands are used to change this, but it can also be entered when creating the user account.

Last Password Update Date and time of the user's last static password update.
Service User

Indicates if this user account is a service user. A service user is a specific user type for administrative operations within OneSpan Authentication Server services. Service users require administrative privileges like human or interactive users to be able to perform administrative operations. In contrast to human or interactive users, the following limitations apply:

  • Service users cannot log on interactively to components such as Web Administration Service.
  • Service users authorize each administrative operation individually via the API key that OneSpan Authentication Server generates.
  • Service user passwords do not expire, password policies do not apply.
Administrator Level

Only available for accounts with at least one administrative privilege (see USERS – Admin Privileges (tab)).

The administrator level of an administrative user account. Lower-level administrators cannot modify or even view administrator accounts with an administrator level higher than their own. It has no effect on non-administrative user accounts.

When you create a new administrator account, the administrator level of that account is initially set to your own administrator level. The administrator level cannot be set to a higher value than the user account owning the current administrative session. You cannot change the administrator level of your own user account.

Possible values: 0255

The maximum value on OneSpan Authentication Server Appliance is 100.

User Info
User Name The full name of the user.
Phone The user's phone number.
Mobile The user's mobile phone number. This may be used for Virtual Mobile Authenticator logons.
Email Address The user's e-mail address. This may be used for Virtual Mobile Authenticator logons.
Description Any descriptive text or notes.
Account Linking
Linked User ID

It is possible to share an authenticator between different user accounts, by linking user accounts together. This feature is intended for the case where one person, such as an administrator, has multiple user accounts. If the different user accounts are linked, there is no need to give more than one authenticator to that person.

This feature is used by assigning the authenticator to one user account, then linking all the other user accounts for the person to the one that has the authenticator.

Read-only. The Link and Unlink commands are used to change this.

If a user is linked to another user, the Linked User Account field will show the user ID and domain of the linked user, for example: testuser [onespan.com].

Update History
Created

Read-only. The date and time that the record was created.

Modified

Read-only. The date and time that the record was last modified.

Available actions

  • Edit. Switch to edit mode.
  • Disable/Enable (depending on the current user account status)
  • Unlock (only available if status is Locked)
  • Link user (depending on the current link status)
  • Set Password
  • Reset Password
  • Reset Last Authentication Time
  • Set Expiration
  • Delete.
  • Move/Rename.