DIGIPASSDIGIPASS (tab)

The DIGIPASS > DIGIPASS tab shows details of a particular authenticator.

Table: DIGIPASSDIGIPASS tab
Field name Description
Domain Name

Read-only. The domain to which the authenticator belongs. The domain must be defined in the data store.

The Move command must be used to change this.
Organizational Unit

Read-only. The organizational unit in which the authenticator is located. This is optional as the authenticator record does not have to be located in an organizational unit. The organizational unit must be defined in the data store.

The Move command must be used to change this.
DIGIPASS Type The type of authenticator represented by the authenticator record.
Description

A custom text description of the authenticator. This can be used to search for specific attributes of an authenticator, e.g. color, company logo.
Assignment Status
Reserve for Individual Assignment When used, this option prevents the authenticator from being assigned using auto-assignment or by provisioning registration. It also prevents it from being assigned by an administrator, who uses the Assign next available option in the Assign DIGIPASS wizard.
Assigned User

User ID of the user account that the authenticator is assigned to, if it is assigned. This user account must be in the same domain as the authenticator. Click the user ID to open the corresponding User Properties page.

Read-only. The Assign command must be used to change this.
Assignment Date

The date and time when the authenticator was assigned to its current user.

Read-only.
Bind Status The bind status of a Mobile Authenticator Studio authenticator.
Grace Period End

The date on which the grace period will expire (or did expire) for this authenticator. If the date shows today's date or before, the grace period has already expired. If it is blank, there is no grace period.

The grace period expires automatically when a one-time password (OTP) is used to authenticate for the first time, i.e. after the OTP has been successfully validated (if it has not been set manually to expire prior to that in the relevant policy). It also expires after a successful MDL activation, either using an OTP or a signature validation.
Valid From

Date and time when an activated (software) authenticator can effectively be used for authentication and signature operations.

For more information about delayed activation, refer to the OneSpan Authentication Server Product Guide and the OneSpan Authentication Server Administrator Guide.
Expires

The expiration date and time of the authenticator.

An expired authenticator is ignored when processing authentication, administrative logon, signature validation, and provisioning requests.
Reset PIN Optional. When used, this option allows users to reset their server PIN when using auto-assignment or self-assignment.
Backup Virtual DIGIPASS
BVDP Mode

Specifies whether and how the backup Virtual Mobile Authenticator feature can be used for this authenticator. Note that backup Virtual Mobile Authenticator must also be activated in the DPX file for the authenticator.

Normally, this field will be set to Default, meaning that the policy applicable to the authentication request determines the setting. This field in the authenticator record is used to override the policy setting for special cases.

Possible values:

  • Default. Use the setting of the parent policy.
  • No. A backup Virtual Mobile Authenticator is not permitted.
  • Yes -Permitted. A backup Virtual Mobile Authenticator is permitted, but not mandatory. The Enabled Until field is not applicable when using this option, but the Uses Remaining field is.
  • Yes – Time Limited Backup. Virtual Mobile Authenticator is permitted, but not mandatory. Both the Enabled Until and Uses Remaining fields will be in effect.
  • Yes - Required. A backup Virtual Mobile Authenticator is mandatory. This can be useful if the user may have lost the authenticator, to prevent it from being used until it is found again. The Enabled Until field is not applicable when using this option, but the Uses Remaining field is.
Enabled Until

The date on which the backup Virtual Mobile Authenticator feature may no longer be used, provided that the effective Enable Backup VDP setting is Yes – Time Limited (it is ignored otherwise).

If this date is blank, it will be set automatically the first time that the user requests a backup Virtual Mobile Authenticator OTP, using the backup Virtual Mobile Authenticator time limit defined in the policy.

Once this date has expired, it requires administrator intervention either to extend it or to reset it to blank for the next time that the user needs to use backup Virtual Mobile Authenticator.
Uses Remaining

The remaining number of times that the backup Virtual Mobile Authenticator feature may be used for this authenticator. Once this number has reached zero, backup Virtual Mobile Authenticator can no longer be used with this authenticator, unless the administrator increases it or resets it to blank.

If this number is blank and there is a backup Virtual Mobile Authenticator Max. Uses/User value defined in the policy, it will be set automatically the first time that the user requests a backup Virtual Mobile Authenticator OTP based on the Max. Uses/User value.
Static Vector ID The presence of a value here indicates that the respective device is a software authenticator capable of provisioning. Usually, its specific value is not of use to an administrator. It represents a lookup key of a database record used in the provisioning process (DPSoft Parameters) that stores the static vector value.
Last Activation

The date and time at which the last provisioning registration operation took place using this authenticator, when an activation code was generated for it.

There is a configurable minimum interval of time between registration operations for an authenticator. For more information, refer to the OneSpan Authentication Server Product Guide, Section "Software authenticator provisioning".

This value is reset to blank by the Reset Activation command.
Activation Locations

This is typically only used for DIGIPASS for Web, to keep track of the number of different locations at which a particular user has activated it. The value is a comma-separated list of hash values, where each hash value represents one location.

There is a configurable maximum number of activation locations for an authenticator. For more information, refer to the OneSpan Authentication Server Product Guide, Section "Software authenticator provisioning".

This value is reset to blank by the Reset Activation command.
Activation Count

The total number of provisioning registration operations that have taken place using this authenticator, when an activation code was generated for it. This includes registration operations for which the corresponding Activate operation was not completed successfully.

There is a configurable maximum number of activation attempts for an authenticator. For more information, refer to the OneSpan Authentication Server Product Guide, Section "Software DIGIPASS Provisioning".

This value is reset to 0 by the Reset Activation command.
Update History
Created

Read-only. The date and time that the record was created.
Modified

Read-only. The date and time that the record was last modified.

Available actions

  • Edit. Use this to edit the authenticator settings.

  • Delete. Use this to delete the authenticator. This button is NOT available if one or more authenticator instances are linked to the authenticator license in the context of multi-device licensing and multi-device activation.

    If maker–checker authorization is enabled and the authenticator is explicitly referenced as the only target authenticator in a pending operation, you cannot delete it and will receive a respective error message.

    If the authenticator is referenced in a pending operation, either explicitly as part of an authenticator list or as range parameter or implicitly within a range, you will receive a warning message and need to confirm the deletion of the authenticator.

  • Unassign. Use this to unassign the authenticator. This button is NOT available if active authenticator instances are linked to the authenticator license in the context of multi-device licensing and multi-device activation.
  • Set Expiration Use this to set the validity start and expiration dates for the authenticator.

  • Bind Device. Select this to bind a Mobile Authenticator Studio authenticator. Enter the derivation code generated by the Mobile Authenticator Studio authenticator, then click Verify.

    If the Mobile Authenticator Studio authenticator is already bound, the available action will be Unbind Device.

    This button is NOT available for authenticator licenses and instances in the context of multi-device licensing and multi-device activation.

  • Generate Activation Data. Select this to generate the data required to activate a Mobile Authenticator Studio authenticator. For authenticators of the MOB40 type, a QR code will be generated along with the full activation data. For authenticators of the MOB35 type, only the full activation data will be generated. This button is NOT available for authenticator licenses and instances in the context of multi-device licensing and multi-device activation.

  • Send Activation Data. Select this to send activation data to a Mobile Authenticator Studio authenticator. Select Delivery Method from the drop-down menu, and specify the destination value. The destination can be an email address, a mobile phone number, or a landline phone number. The details for the destination will be populated automatically from the user information. This button is NOT available for authenticator licenses and instances in the context of multi-device licensing and multi-device activation.

    Generating and sending activation data is not only part of the first-time activation process, but also serves to activate a new mobile device and invalidate any previously activated authenticators for security reasons.