Maker–checker authorization
If maker–checker authorization is enabled, certain operations initiated by one administrator (maker) can only be executed after approval and authorization by another administrator (checker).
The so-called maker–checker authorization is an optional feature that can be enabled/disabled in the OneSpan Authentication Server Administration Web Interface to provide an additional layer of authorization. By enabling this feature, the setting is replicated system-wide over all OneSpan Authentication Server instances.
This authorization mechanism introduces a four-eyes principle, in which the authorization process requires two different individuals to complete an administrative operation, specifically:
- Creating a user account
- Deleting a user account
- Assigning an authenticator
- Unassigning an authenticator