aXsGUARD Identifier 3.0.2.0 Product Guide v1.5
User Authentication Process
3.5
Local Authentication
3.5.1
Overview
Local Authentication
is a term used to describe the aXsGUARD Identifier authenticating a User based on
information in its data store. Typically the DIGIPASS One Time Password (OTP) is required, but in other cases a
static password may be sufficient.
In this section we explain authentication with and without a DIGIPASS device.
3.5.2
Local Authentication Policy Setting
The
Local Authentication
Policy setting indicates whether to perform Local Authentication, and if so, whether a
static password is permitted. This setting is overruled by the same setting in the DIGIPASS User account, unless
the value in the DIGIPASS User account is 'Default', in which case the Policy setting is used. Local Authentication is
only set at DIGIPASS User account level for special case Users. The possible values for the Local Authentication
setting are shown in the table below.
Table 1: Values for Local Authentication Setting
Setting
Explanation
Default
Local Authentication is handled as configured in settings inherited from the parent policy. More
information on Local Authentication in relation to policies and inheritance can be found in section
None
No Local Authentication takes place.
DIGIPASS
Only
A DIGIPASS One Time Password must be verified. Users without a DIGIPASS device cannot log in.
However, DIGIPASS
Self-Assignment
is still possible, as an OTP is used as part of the process (see
for information on DIGIPASS assignment options.)
DIGIPASS/
Password
A DIGIPASS One Time Password or static password may be verified. As a general rule, until a User starts
to use a DIGIPASS device, they may continue to authenticate with their static password.
3.5.3
Authentication with DIGIPASS
3.5.3.1
Overview
In this section on authentication with a DIGIPASS device, we first explain DIGIPASS lookup and checks in section
. Following successful DIGIPASS lookup and checks, with at least one DIGIPASS record returned, request
processing can continue.
©
2009 VASCO Data Security
30