![]() ![]() Its use varies depending on the PIN mode. Use this option to reactivate a token that is in the locked or suspended state, making it valid for authentication. This forms part of the permanent token record and can be viewed by other Operators managing this user’s account. ![]() No Static Password after: Use this option to limit the life of the temporary password.Ĭomment: Use this area to enter a brief explanation for suspending the token. (Refer to Temporary password policy.)Ĭhange Password on First Use: If checked, the user must change the provided static password to a new value known only to them and which complies with the established policy. Generate button-Use this to generate a static password that complies with the established policy. Set Temporary Static Password: The user’s token will be suspended and the user will be given a temporary static password which can be used to authenticate: Both assigned and unassigned AD passwords are always automatically unlocked according to the Account Lockout policy. ![]() However, the operator cannot manually unlock unassigned AD passwords that can be used in pre-authentication rules or STA password validation. Assigned AD passwords appear in the user’s token list, and can also be manually unlocked by the operator. The AD password is automatically unlocked after the configured Account lock duration. The Account Lockout policy (defined in Policy > User Policies) temporarily locks a user’s AD password if the Account lock threshold is exceeded. Updates it through the domain controller. The AD password is handled as a cached credential, where the credential remains valid until the user For more information, see Enable password synchronization.Ĭurrently, STA does not synchronize the password expiry state. Note that this option is displayed only if the STA LDAP Integrator service is set up in SAS PCE. Refer to Enable password synchronization for additional details.Īccept LDAP/AD Password: The user’s token will be suspended and the user will be allowed to use their LDAP/Active Directory password to authenticate. Note that this option is displayed only if Active Directory Password Sync is set up for STA, and the user has a synchronized Active Directory password. No Static Password: The user’s token will be suspended and the user will not be given a temporary static password.Īccept LDAP/AD Password: The user’s token will be suspended and the user will be allowed to use their LDAP/Active Directory password to authenticate. If the user has only one active token and the virtual server temporary password policy allows assignment of a password, the following options may be available when suspending a user’s token: If a user has multiple active tokens, the various password options will not be available. To reactivate a suspended token, see Unlock tokens This button is disabled if the token is not in the Active state. Use this option to suspend the token, making it invalid for authentication but leaving it assigned to the user. Set Temporary Static Password to use a static password for authentication.įor more information about password options, see Suspend tokens. ![]() Select Authentication Methods > Password and then select one of the following:Īccept LDAP/AD Password to use the AD domain password for authentication. On the STA Token Management console, select a user. This option is disabled if the user has any other assigned authentication method. Use the password option to configure whether a user's AD password or static password is accepted by STA for authentication. STA clears the Initial PIN field as soon as the user completes the PIN change. By default, the initial PIN value must be changed by the user during their first authentication. Initial PIN is the PIN value to be given to the user when using Assign to issue a token. Provisioning Rule is the method by which a token was provisioned:, "Manual", or blank space (if STA is unable to determine the rule name). State is the state of the token or authentication method: Target is the device to which a token is deployed (such as Windows™ computer, iPhone™, BlackBerry™, and so on).ĭescription is the serial number of the token or “Password” if a static password is allowed. Type is the authentication method assigned to the user. It includes the following token information: The Authentication Methods module lists the tokens that are associated with the selected user. Select the Authentication Methods module. View the tokens that are associated with a user. The following options for managing a token are displayed: On the STA Token Management console, search for the user. In the Assignment > Authentication Methods module, manage tokens for users and view information about the associated token tasks. ![]()
0 Comments
Leave a Reply. |