TID Challenge-Response Authentication (Policy)
The following is an overview of the relevant default settings of Challenge/Response authentication with Intelligent Adaptive Authentication.
- Parent policy: Identikey Local Authentication
|Parameter name||Default value||Description|
|1step_cr_enabled||Yes - Any Challenge||
1-Step Challenge/Response - Permitted
This controls whether 1-step Challenge/Response logins will be enabled for the current policy and, if so, where the challenge should originate.
To enable 1-step Challenge/Response, you also need to set Challenge Check Mode (see below).
Challenge Check Mode
This setting is for advanced control over time-based Challenge/Response authentication.
Initial Time Window
This controls the maximum allowed time variation between an authenticator and the host system, the first time that the authenticator is used. The time is specified in hours.
This Initial Time Window is also used directly after a Reset Application operation, which can be used if it appears that the internal clock in the authenticator has drifted too much since the last successful login. This only applies to time-based authenticators when verifying an OTP.
In either case, after the first successful login, the initial time window is no longer active.
This controls the maximum allowed number of event variations between an authenticator application and the host system during login. This only applies to event-based authenticator applications and always applies for OTP verification. For signature validation, it depends on the online signature level setting whether the event window is used or not.