Policy inheritance

Policies can be set up in a hierarchy, where a policy inherits attributes from a parent policy, but applies some modifications for a slightly different scenario. At the top of that hierarchy is a given parent or base policy, which does not inherit any attributes from any other policy, i.e. a so-called parentless policy. That topmost policy is not necessarily the default base policy specified in OneSpan Authentication Server, i.e. Base Policy.

In Figure: Policy inheritance (Example), all attributes are inherited from the parent policy. The attributes shown in the child policies are explicitly set, which make these policies different from the parent policy. Attributes explicitly set in the child policies override those of the parent policies.

Static password rules

An exception to the policy inheritance are the static password policy settings. They depend on the user type:

• If the password of an administrative user is changed, the effective policy values for password strength rules apply.
• If the password of a regular user is changed, the values defined in the base policy of the applicable policy apply, NOT the effective settings.

For more information, refer to the OneSpan Authentication Server Administrator Guide, Section "Static password strength and age rules".

Effective settings

As the various levels of settings in policy inheritance can get confusing, you can view the effective settings for a selected policy, taking inherited settings into account.