Manage General Authenticator Settings
After you create a user, you must assign the user authenticators. The user responds to authentication challenges to access Instant ID as a Service. The General settings set the conditions for authenticators and whether a user is automatically assigned certain authenticators when their account is created. While you can modify the General Settings at any time, you may want to configure the settings before you create new users or assign users additional authenticators. For example, you can set the General Settings to automatically assign an Entrust Soft Token to a user or automatically create a password for the user.
Note: If you are configuring Instant ID as a Service to synchronize users from Active Directory (AD), configure the Lockout Count and Lockout Lifetime settings to match the values used in your AD configuration.
For additional information, refer to the How to Configure Groups, Roles, Users and Authenticators - Instant IDaaS video tutorial.
Manage General Settings
Follow these steps to configure general settings for the user currently logged on.
- Click Main Menu > Policies > General Settings. The General page appears.
- In the Lockout Settings, do the following:
  - Set Lockout Count to the number of times a user can fail an authentication challenge before being locked out of their account.
  - Select the Lockout Mode from the drop-down list.
    - Select Authenticator to lock only the authenticator after multiple failed authentication attempts.
    - Select User to lock the user after any failed authentication.
  - Enter the Lockout Lifetime to set the number of seconds before the lockout expires. After the Lockout Lifetime expires, a user can attempt to authenticate again. A value of 0 means the account remains locked until unlocked by an administrator.
- In the Authentication Settings, do the following:
  - Enter the Authentication Session Lifetime to set the time limit before an authenticated user needs to re-authenticate. The maximum value is 3600 (1 hour). The default is 900 seconds.
  - Enter the Push Authentication Lifetime to set the time limit a user has to respond to a soft token challenge notification by selecting Confirm or Cancel.
  - Enter the Push Transaction Lifetime to set the time limit a user has to respond to a mobile soft token push transaction or mobile smart credential push transaction on the mobile soft token or mobile smart credential app.
  - Enter the Maximum Number of Transactions Queued on the mobile soft token app. This is the number of transactions that can be in the queue at one time for a mobile soft token push transaction.
    This setting enables push transaction queuing, which allows a mobile soft token app to store multiple push transactions at a time, for example, multiple bank transfers. With this feature configured, Identity as a Service can deliver multiple transactions to a user's mobile soft token app and the user can address them within a configured amount of time. When the queue size is set to 1 (the default), only one transaction delivered to a soft token identity is active at a time (a new one overwrites an older one), and, typically, transactions expire after a short time.
    When the number of transactions waiting for the user response is equal to the setting specified here, the queue is full for that soft token identity. Entrust strongly recommends that you set the queue size large enough that the queue never becomes full. If the queue does become full, however, and a new transaction arrives, Identity as a Service removes expired transactions from the queue. If that does not free a space for the new transaction (none are expired), Identity as a Service discards the oldest transaction in the queue.
    The default value is 1. When set to 1, transaction queuing is disabled and new transactions overwrite the previous transactions.
    Note: A user can use the same mobile soft token for both responding to an authentication challenge (for example, issuing a token code to access an application) and responding to banking transactions.
    In addition, Entrust recommends that you set the Maximum Number of Transactions Queued based on the rate at which your organization creates transactions during peak loads, then consider doubling this value. The aim is to set a value that can accommodate an unusually high volume but is rarely, if ever, reached. This helps to ensure that transaction notifications are not removed from the queue before a user has had time to respond to them.
    Note: The Mobile smart credential app does not support transaction queuing.
- In the Authenticator Settings, do the following:
  - Set Maximum Tokens Per User to the maximum number of tokens a user can have. The maximum value is 10.
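
The queue-full behavior described for Maximum Number of Transactions Queued can be modeled to check a candidate queue size against a peak burst before you commit to it. This is an added example, not Entrust code: the class and function names, the 120-second Push Transaction Lifetime and the arrival times are assumptions constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass


@dataclass
class Txn:
    txn_id: str
    created: float   # arrival time in seconds (constructed timeline)
    lifetime: float  # Push Transaction Lifetime in seconds (assumed value)

    def expired(self, now: float) -> bool:
        return now >= self.created + self.lifetime


class PushQueue:
    """Model of one soft token identity's queue; only the full-queue rules are modeled."""

    def __init__(self, max_queued: int = 1):
        if max_queued < 1:
            raise ValueError("queue size must be at least 1")
        self.max_queued = max_queued
        self.pending = deque()
        self.discarded_unexpired = []  # transactions dropped before the user could answer

    def deliver(self, txn: Txn, now: float) -> None:
        if len(self.pending) >= self.max_queued:
            # Step 1: a full queue first removes expired transactions.
            self.pending = deque(t for t in self.pending if not t.expired(now))
        if len(self.pending) >= self.max_queued:
            # Step 2: none were expired, so the oldest transaction is discarded.
            self.discarded_unexpired.append(self.pending.popleft().txn_id)
        self.pending.append(txn)


def simulate(max_queued: int, arrivals, lifetime: float = 120.0):
    """Replay (txn_id, arrival_time) pairs; return (pending ids, discarded ids)."""
    q = PushQueue(max_queued)
    for txn_id, t in arrivals:
        q.deliver(Txn(txn_id, t, lifetime), now=t)
    return [t.txn_id for t in q.pending], q.discarded_unexpired


# Constructed burst: four transfers within 30 s, then one after the others expired.
ARRIVALS = [("t1", 0), ("t2", 10), ("t3", 20), ("t4", 30), ("t5", 200)]

if __name__ == "__main__":
    for size in (1, 2, 8):
        print(size, simulate(size, ARRIVALS))
```

Any transaction ID in the second list was discarded while still within its lifetime, which is the outcome the sizing recommendation is meant to prevent; replay your own peak arrival pattern and raise the size until that list stays empty.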