Manage Authenticators

An authenticator is a security measure that protects an application from unauthorized access. Authenticators require that a user respond to a challenge in order to gain access to the application. You assign authenticators to users to allow them to access applications protected by Instant ID as a Service.

Consider the following when assigning authenticators to users:

  • A user can be assigned multiple authenticators.
  • A user must have at least one authenticator assigned to them in order to log in to Instant ID as a Service.
  • A user can choose to receive their OTP by voice, email, or SMS if they have a phone number, email address, or mobile device registered to their account.
  • An assigned Entrust Soft Token must have a token state (either Active or Inactive). Only Entrust Soft Tokens in an Active state can be used for authentication.
  • The resource rule associated with an application determines which authenticators can be used to log in to that application.

Authenticator Lockout Behavior

The authenticators allowed to access applications are set by the resource rules (see Create resource rules). If a user enters an incorrect authenticator response more times than the value set in the Lockout Count (refer to Manage General Authenticator Settings), the authenticator is locked and the user cannot access the application using that authenticator.

Consider this example:

  1. A user has access to two applications, Application 1 and Application 2.
  2. The resource rule for Application 1 requires password + OTP or Entrust Soft Token.
  3. The resource rule for Application 2 allows Entrust Soft Token only.
  4. The Lockout Count is set to 5.
  5. The user accesses Application 1 and enters a valid password, but enters an incorrect Entrust Soft Token response 5 times, which locks the Entrust Soft Token authenticator.
  6. The user can still access Application 1 using the correct password and a valid OTP.
  7. The user cannot access Application 2 because it requires Entrust Soft Token authentication but the user has locked their Entrust Soft Token authenticator.
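
The lockout scope in the example above can be checked with a small model: the lock attaches to the authenticator, so it follows the user into every application whose resource rule depends on it. This is an added illustration, not Entrust code or the Instant ID as a Service API; the class, function and authenticator names are hypothetical, and it assumes the authenticator locks on the fifth incorrect response, as in step 5.

```python
from dataclasses import dataclass, field

LOCKOUT_COUNT = 5  # value used in the example above

# Hypothetical encoding of the two resource rules: each rule is a list of
# alternatives, and every authenticator in an alternative must succeed.
RESOURCE_RULES = {
    "Application 1": [{"PASSWORD", "OTP"}, {"PASSWORD", "SOFT_TOKEN"}],
    "Application 2": [{"SOFT_TOKEN"}],
}


@dataclass
class UserAuthenticators:
    # authenticator name -> number of incorrect responses recorded
    failures: dict = field(default_factory=dict)

    def is_locked(self, authenticator):
        return self.failures.get(authenticator, 0) >= LOCKOUT_COUNT

    def record_response(self, authenticator, correct):
        """Return True if the response is accepted. Failures are counted
        per authenticator, not per application or per user."""
        if self.is_locked(authenticator):
            return False  # a locked authenticator is refused even when correct
        if not correct:
            self.failures[authenticator] = self.failures.get(authenticator, 0) + 1
        return correct

    def usable_paths(self, application):
        """Alternatives of the application's rule with no locked authenticator."""
        return [alt for alt in RESOURCE_RULES[application]
                if not any(self.is_locked(a) for a in alt)]


def replay_example():
    """Replay step 5: valid password, then five incorrect Soft Token responses."""
    user = UserAuthenticators()
    user.record_response("PASSWORD", True)
    for _ in range(LOCKOUT_COUNT):
        user.record_response("SOFT_TOKEN", False)
    return user


if __name__ == "__main__":
    user = replay_example()
    for app in RESOURCE_RULES:
        paths = user.usable_paths(app)
        print(app, "->", [sorted(p) for p in paths] or "no usable authenticator")
```

An application that reports no usable path is one where a single locked authenticator blocks the user entirely, which is the case to look for when a resource rule allows only one authenticator.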

For additional information, refer to the How to Configure Groups, Roles, Users and Authenticators - Instant IDaaS video tutorial.

Assigning User Authenticators

This section describes how to set up and assign user authenticators, and how to authenticate with them.

Topics in this section: