Authenticator record functions

A number of functions are available to manage authenticator records. These are typically required for maintenance, e.g. if a user has forgotten the server PIN, or if an authenticator has been locked.

Reset application

An authenticator application may need to be reset if the time difference between the application and the server needs to be recalculated. This would typically be used for time-based Response-Only authenticator applications after a very long period of inactivity. The reset widens the allowable time window for the next logon, allowing the user to authenticate and OneSpan Authentication Server to calculate the current time shift.

Set event counter

If the event counter for an event-based application has become unsynchronized between the authenticator and the server, this function can be used to set the server event count to the event count on the authenticator.

Enable/disable server PIN

An administrator may enable or disable use of a server PIN for a specific authenticator or for multiple authenticators. If the server PIN is enabled, the users must include their server PIN when authenticating. If the server PIN is disabled, the users must not include a server PIN.

Reset PIN

If a user’s server PIN needs to be changed—usually because the user has forgotten it—then it can be reset. The users can set a new server PIN when they authenticate the next time. This may be done when unassigning or re-assigning an authenticator.

Force PIN change

This function can be used when an administrator wants the users to change their server PIN on their next logon. This may be desirable as a security measure.

Set PIN

A user’s server PIN can be set to a specific value and communicated to the user.

Unlock authenticator

If a user incorrectly enters the authenticator PIN into the authenticator a predetermined number of times, the authenticator will be locked. Once locked, the assistance of an administrator is required to unlock it. This function allows an administrator to provide the user with an unlock code to enter into the user's authenticator.

Reset error count

When a user attempts to log in with incorrect details, the error count for the target authenticator application increments by 1. Depending on the policy settings, when the error count reaches a set threshold, the authenticator application used may be locked out from usage by the policy. Use the reset error count function to reset the error count to 0.

Reset activation

Use this function to reset the last activation date/time, the activation location, and the activation counter for an authenticator.

Authenticator start time

The authenticator start time defines a particular date and time when an activated (software) authenticator can effectively be used for authentication. OneSpan Authentication Server will not allow the authenticator to be used for authentication, until the start time has been reached.

Authenticator expiration time

The authenticator expiration time defines a particular date and time when an authenticator expires and can no longer be used for authentication.