backup Virtual Mobile Authenticator settings
Several settings determine how a user can use the backup Virtual Mobile Authenticator capability:
- Enable or disable backup Virtual Mobile Authenticator and enable method (i.e. Required).
- Time limit/expiry (applies to Time Limited enable method only).
- Maximum number of times a user may use of the backup Virtual Mobile Authenticator.
The settings may be set both at the policy level and at the authenticator record level. Individual authenticator settings override policy settings for an individual authenticator. Some policy settings may be used to automatically set authenticator settings that are blank when the backup Virtual Mobile Authenticator is used by the user for the first time (see Time limit and maximum uses per user).
Time limit and maximum uses per user
Table: Policy/authenticator settings for backup Virtual Mobile Authenticator lists backup Virtual Mobile Authenticator policy settings and authenticator settings relating to time limits and maximum users.
Policy settings | Authenticator settings |
---|---|
Time Limit | Enabled Until |
Max. Uses/User | Uses Remaining |
If backup Virtual Mobile Authenticator is enabled for an authenticator and set to Time Limited, but the Enabled Until field in the authenticator properties is blank on the first use of backup Virtual Mobile Authenticator, the time limit will begin counting on the user's first use. The expiry date, i.e. today’s date and the time limit, will then be displayed in the Enabled Until field.
If Max. Uses/User is set for the relevant policy and the authenticator record's Uses Remaining field in the user property sheet is blank on the first use of backup Virtual Mobile Authenticator, a the value of Max Uses/User will be automatically entered into the user's Uses Remaining field and immediately decremented by 1.
If a user has backup Virtual Mobile Authenticator enabled with an Enabled Until date set and Uses Remaining has been set (automatically or manually), whichever of these values expires first will disable backup Virtual Mobile Authenticator for the user.
The backup Virtual Mobile Authenticator feature is enabled for a user as Time Limited. The server Time Limit setting is 3 days. The Max. Uses/User policy setting is 5. When the user first makes use of the backup Virtual Mobile Authenticator, the user's Enabled Until setting is set to a date 3 days hence and Uses Remaining is set to 4.
During the next 48 hours, the user logs on 4 more times.
Although the user’s time limit does not run out for another 24 hours, Uses Remaining is now 0, thereby disabling backup Virtual Mobile Authenticator.