Query filters
Queries can be defined from user, authenticator, and audit data fields. The fields listed below are available for selection when you define a query.
Query fields
The user query fields can be referred to in the XSLT templates.
| Display name | Data type | Accepted values |
|---|---|---|
| User:Back-End Authentication | String |
|
| User:Created time | Date |
Format:
|
| User:Description | String | |
| User:Disabled | Boolean |
|
| User:Domain | String | |
| User:Email | String | |
| User:Expiration Date | Date |
Format:
|
| User:Has Digipass | String |
|
| User:Last Authentication | Date | |
| User:Local Authentication | String |
|
| User:Lock Count | Number | |
| User:Locked | Boolean |
|
| User:Mobile | String | |
| User:Modified time | Date |
Format:
|
| User:Organizational Unit | String | |
| User:Phone | String | |
| User:Status | String | |
| User:User ID | String | |
| User:User Name | String | |
| User Attributes:* | String |
| Display name | Data type | Accepted values |
|---|---|---|
| Digipass:Application Names | String | Comma-separated list of authenticator application names. |
| Digipass:Application Types | String | Comma-separated list of authenticator application types. |
| Digipass:Assigned | Date |
Format:
|
|
Digipass:Backup VDP Enabled |
String |
|
| Digipass:Backup VDP Expires | Date |
Format:
|
| Digipass:Backup VDP Uses Left | Number | |
| Digipass:Created time | Date |
Format:
|
| Digipass:Description | String | |
| Digipass:Digipass Type | String | 5-character code. |
| Digipass:Domain | String | |
| Digipass:Expiration Date | Date |
Format:
|
| Digipass:Grace Period End | Date |
Format:
|
| Digipass:Modified time | Date |
Format:
|
| Digipass:Serial Number | String | |
| Digipass:Status | String |
|
| Digipass:User ID | String | User ID of the user the authenticator is assigned to. |
| Display name | Data type | Accepted values |
|---|---|---|
| Audit:Action | String | |
| Audit:AMID | String | |
| Audit:Application | String | |
| Audit:Area | String | |
| Audit:Back-End Authentication | String | |
| Audit:Category | String | |
| Audit:Characteristics | String | |
| Audit:Client Description | String | |
| Audit:Client Location | String | |
| Audit:Client Type | String | |
| Audit:Code | String | For a list of possible codes and messages used by the audit system, see Audit messages. |
| Audit:Command | String | |
| Audit:Configuration Details | String | |
| Audit:Credentials | String | |
| Audit:Data Source | String | |
| Audit:Data Source Location | String | |
| Audit:Description | String | For a list of possible codes and messages used by the audit system, see Audit messages. |
| Audit:Downtime | Number | |
| Audit:Error Code | Number | For a list of error codes used by OneSpan Authentication Server, see Error messages. |
| Audit:Error Details | String | For a list of error codes used by OneSpan Authentication Server, see Error messages. |
| Audit:Error Message | String | For a list of error codes used by OneSpan Authentication Server, see Error messages. |
| Audit:Expiration Date | Date |
Format:
|
| Audit:Fields | String | |
| Audit:From | String | |
| Audit:Input Details | String | |
| Audit:IP Address | IP Address |
Required. Valid IPv4 address range using CIDR notation to filter audit messages, if the client IP address is either within the specified address range or not. Can be used with the following conditions only:
|
| Audit:Local Authentication | String | |
| Audit:Message | String | For a list of possible codes and messages used by the audit system, see Audit messages. |
| Audit:Object | String | |
| Audit:Operation | String | |
| Audit:Outcome | String | |
| Audit:Output Details | String | |
| Audit:Password Protocol | String | |
| Audit:Policy ID | String | |
| Audit:Quota | Number | |
| Audit:RADIUS Octets Input | Number | The number of bytes sent by the user. |
| Audit:RADIUS Octets Output | Number | The number of bytes received by the user. |
| Audit:RADIUS Status Type | String | The audit function performed, e.g. start, stop, update. |
| Audit:Reason | String | |
| Audit:Request ID | String | |
| Audit:Request Type | String | |
| Audit:Server Location | String | |
| Audit:Session ID | String | |
| Audit:Session Time | Number | How long the user has been connected, in seconds. |
| Audit:Source | String | |
| Audit:Source Location | String | |
| Audit:Timestamp | Date |
Format:
|
| Audit:To | String | |
| Audit:Type | String | |
| Audit:Type code | Number | |
| Audit:User Location | String | |
| Audit:Version | String |
Two or more values after the operator will be interpreted as if the word 'and' is between them (logical AND).
Date field queries
Any query field, which is a date field can have the following filter applied to it.
Use one of the following operators:
- is less than or equal to
- is greater than or equal to
Then specify one or more days, weeks, or months from now, where now is taken to be the current date.
The filter must be in the following format:
- 1 day from now
- 6 weeks from now
- 5 years from now
You need to use the exact spelling and the exact number of spaces. The number must be a numeric character. The filter is not case-sensitive.
The words from now can be replaced with ago. For example, the following term will select information 3 years old or older:
is greater than or equal to 3 years ago