Identikey Administration Logon (Policy)

The following is an overview of the relevant default settings of an administration logon with the Authentication component of Intelligent Adaptive Authentication.

Identikey Administration Logon—Default parameter settings
Parameter name Default value Description



Different From Last # Passwords

Specifies how many different passwords must be used before a previously used password can be used again.

Possible values: 024

pwd_min_length 20

Minimum Password Length

Sets the minimum length required for the static password.

Possible values: 09999

pwd_not_userid_based No

Not based on user ID

This specifies whether the password is allowed to contain all or parts of the user ID.

Possible values:

  • Default. Use the setting of the parent policy.
  • No. Disables this option.
  • Yes. Enables this option.
static_pwd_max_age 0

Maximum Age in Days

This specifies the maximum amount of time in days during which a local static password is valid. After this time, the password expires. Applies to the local authentication mode DIGIPASS or Password only.

If set to 0, the local static password never expires. Select this to disable local static password expiration if you are using back-end authentication, and to rely on the back-end system to enforce password expiration.

Changes in back-end authentication settings must be implemented by OneSpan administrators.

Possible values: 09999

static_pwd_min_age 0

Minimum Age in Days

This specifies the minimum amount of time in days a static password must be used before it can be changed. It applies to the local authentication mode DIGIPASS or Password only.


  • DAL10: one per user

    DAL10 is an MDL license.

  • VIR10: one per user

    VIR10 is a virtual authenticator.

Authenticator Type Limit

Limits of authenticator instances per authenticator type.

Limit of authenticator instances per authenticator type.

This setting allows you to restrict the maximum number of assigned authenticators per user for specific authenticator types. If you need to have more than one authenticator provided to your users, you should still limit the number to avoid that too many authenticators (and/or instances) are assigned to or activated for single users.

For single-device licensing, it is possible to limit the number of assigned authenticators; for multi-device activation/multi-device licensing the setting limits the number of assigned authenticator licenses and activated authenticator instances.