Credential attributes

The
credential
element of the registration policy defines what authenticators the VIP account supports and how they are supported. You can set the following values:
  • allowedTypes
  • maxAllowed
  • expiration
  • multiUserCred
The following table lists the
credential
attributes available to the registration policy. The table also lists the default
credential
values.
Attributes of the
credential
element of
registrationPolicy
Attribute
Type
Description
Default Policy Value
allowedTypes
String
The types of authenticators that VIP can bind to your users. Include one or more of the following, followed by whether the authenticator type is supported (
Y
) or not (
N
).
This attribute is for registration only, and does not affect validation. If users register an allowed authenticator type and you later change the authenticator type to not be allowed, users can continue to validate with that authenticator.
  • For physical hardware tokens such as security tokens or security cards, use
    hardware
    . Include one or more of the following:
    • For VIP Security Token or VIP Security Keys, use
      securityToken
      .
    • For VIP Security Card, use
      securityCard
      .
  • For software authenticators, use
    software
    . Include one or more of the following:
    • For VIP Access for Mobile authenticators, use
      mobileCred
      .
    • For VIP Access for Desktop authenticators, use
      desktopCred
      .
  • For all other supported authenticators, use
    others
    . Include one or more of the following:
    • For SMS messages, use
      sms
    • For Voice calls, use
      voice
      .
  • "hardware": { "securityToken": "Y", "securityCard": "Y", }
  • "software": { "mobileCred": "Y", "desktopCred": "Y" }
  • "others": { "sms": "Y", "voice": "Y" }
maxAllowed
String
The maximum number of authenticators that a user can register at one time. Value must be from 1 through 5, inclusive.
"maxAllowed": 5
multiUserCred
String
Whether an authenticator can be registered to more than one user within your organization at one time (
Y
) or not (
N
).
"multiUserCred": "Y"
noAuthExpiration
String
The maximum number of days that an authenticator is valid before the user is prompted to register it again. Value must be between 15 to 365, inclusive.
Setting this attribute to
0
disables this policy.
"noAuthExpiration": 0