TID Cloud Authentication (Policy)
The following is an overview of the relevant default settings of cloud authentication:
- Parent policy: Identikey Local Authentication
Allow Custom Request Body
If true, all Secure Channel policy settings can be overwritten by providing a valid request body attribute in the request.
The method by which a user has to request a Virtual Mobile Authenticator login. The request is made in the password field during login. The request will be ignored if the user does not have a Virtual Mobile Authenticator assigned.
This defines the request keyword that a user must enter to request a primary Virtual Mobile Authenticator login. This applies if a method using a keyword is selected in Request Method. This can be blank.
The method used to deliver the Virtual Mobile Authenticator.
This field also allows you to specify one of the following combinations of delivery methods:
The MDC profile to use for this delivery method. It defines a specific group of settings for a particular delivery method. If no MDC profile is specified in this field, the highest-ranked, enabled, and available MDC profile for the specified delivery method(s) will be used.
The MDC profile name is not unique, so more than one MDC profile with the same name may exist for this delivery method. In that case, the highest-ranked, enabled, and available MDC profile with the specified name will be used.
The text that will be used as the title of push notifications sent for authentication and signature operations. A push notification is a message that is pushed from a server to a user and is displayed on an end-user device, e.g. a mobile device. Push notifications are received by a particular app, which must be registered on the corresponding server to receive notifications. Notifications can be sent at any time; the users do not have to be actively using the app at that time.
Tap here to confirm login
The text that will be used as the subject of push notifications sent for authentication and signature operations.
The time span in seconds during which authentication via a particular push notification message is possible, i.e. the time span between sending a push notification to a mobile device, and the response from the OneSpan Mobile Authenticator app. When the timeout period has elapsed, authentication using the push notification message will fail.
Initial Time Window
This controls the maximum allowed time variation between an authenticator and the host system, the first time that the authenticator is used. The time is specified in hours.
This Initial Time Window is also used directly after a Reset Application operation, which can be used if it appears that the internal clock in the authenticator has drifted too much since the last successful login. This only applies to time-based authenticators when verifying an OTP.
In either case, after the first successful login, the initial time window is no longer active.
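The behaviour of the Initial Time Window described above can be sketched as follows. This is an added example, not OneSpan code: it uses RFC 6238-style TOTP as a stand-in for the authenticator algorithm, and the class name, the 30-second step, the separate normal window, and applying the window on either side of the host clock are all assumptions.

```python
import hashlib, hmac, struct

STEP = 30  # seconds per time step (assumed; the page does not state one)

def totp(key: bytes, counter: int, digits: int = 8) -> str:
    """RFC 4226/6238 one-time password for a given time-step counter."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    pos = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[pos:pos + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class TimeBasedAuthenticator:  # hypothetical server-side record
    def __init__(self, key, initial_window_hours, normal_window_steps):
        self.key = key
        self.initial_steps = initial_window_hours * 3600 // STEP
        self.normal_steps = normal_window_steps  # assumed steady-state window
        self.offset = 0             # learned clock drift, in steps
        self.initial_active = True  # true until the first successful login

    def reset_application(self):
        # Re-opens the wide window, e.g. after heavy clock drift.
        self.initial_active = True

    def verify(self, otp: str, host_time: int) -> bool:
        width = self.initial_steps if self.initial_active else self.normal_steps
        centre = host_time // STEP + self.offset
        for d in sorted(range(-width, width + 1), key=abs):  # nearest first
            if hmac.compare_digest(totp(self.key, centre + d), otp):
                self.offset += d             # remember the drift
                self.initial_active = False  # wide window is now closed
                return True
        return False

def demo():
    key = b"constructed-demo-key"   # constructed sample secret
    host = 1_700_000_000            # constructed host clock (Unix seconds)
    auth = TimeBasedAuthenticator(key, initial_window_hours=1, normal_window_steps=2)
    drift = 40 * 60                 # device clock runs 40 minutes ahead
    first = auth.verify(totp(key, (host + drift) // STEP), host)
    later = auth.verify(totp(key, (host + 600 + drift) // STEP), host + 600)
    stray = auth.verify(totp(key, (host + 600) // STEP), host + 600)
    auth.reset_application()
    after_reset = auth.verify(totp(key, (host + 600) // STEP), host + 600)
    return first, later, stray, after_reset, auth.offset
```

In this sketch a one-hour initial window means 241 candidate codes are accepted for a single attempt, so a larger value widens the guessing margin for that first login or the login after a reset.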
This controls the maximum allowed number of event variations between an authenticator application and the host system during login. This only applies to event-based authenticator applications and always applies for OTP verification. For signature validation, it depends on the online signature level setting whether the event window is used or not.