30.5 Process page (Security Settings)

Setting

Allow Administrative Groups

Default value

No

Description

When set to Yes, the scope available in workflows is extended to include any additionally specified administrative groups assigned to operators. The Add Person and Edit Person workflows are extended to allow management of administrative groups.

When set to No, the scope in workflows is limited to operators’ home groups, and it is not possible to manage operators’ administrative groups in Add Person or Edit Person.

Further information

See section 4.7, Administrative groups for details.

 

Setting

Approve Replacement Cards

Default value

No

Description

Whether requests for replacement cards require secondary authorization.

Yes – All requests for replacement cards require secondary authentication.

No – No requests for replacement cards require secondary authentication.

Ask – Requests for replacement cards require secondary authentication only if the Validate Issuance setting is set in the credential profile.

Note: The Validate Issuance setting in the credential profile affects replacement cards only if this option is set to Ask.

Further information

 

 

Setting

Block VSC unlock in Remote Unlock workflow

Default value

No

Description

Prevents an operator from using the Remote Unlock workflow to unlock VSCs.

Further information

 

 

Setting

Card Expiration Period (days)

Default value

365

Description

Default period for which all issued devices are valid.

Further information

See section 11.3.1, Credential profile options.

 

Setting

Client Logon Keyset

Default value

Signing

Description

Which keyset to use when signing data on the client during logon.

Further information

Cannot be edited.

 

Setting

Client Sign Keyset

Default value

Signing

Description

Which keyset to use when signing data on the client.

Further information

Cannot be edited.

 

Setting

Constrain Credential Profile Collector

Default value

Yes (if on installation there were no existing credential profiles)

or:

No (if on installation there were existing credential profiles).

Description

Whether you can select which roles can collect individual credential profiles on the Select Roles screen in the Credential Profiles workflow.

If this option is set to No, you can collect credentials using any role.

For credential profiles that were created when this option was not set to Yes (for example, before installing the current version of MyID) if you subsequently set this option to Yes, the credential profile will automatically be set to add any roles to the Can Collect column that were already selected in any of the other columns: Can Receive, Can Request, or Can Validate.

Further information

See section 11.3.8, Constrain credential profile collector for details.

 

Setting

Constrain Credential Profile Issuer

Default value

Yes (if on installation there were no existing credential profiles)

or:

No (if on installation there were existing credential profiles).

Description

Whether you can select which roles can request individual credential profiles on the Select Roles screen in the Credential Profiles workflow.

Further information

See section 11.3.6, Constrain credential profile issuer for details.

 

Setting

Constrain Credential Profile Unlock Operator

Default value

No

Description

Whether you can select which roles can unlock credentials using the Unlock Credential and Reset Card PIN workflows.

Further information

See section 11.3.9, Constrain credential profile unlock operator for details.

 

Setting

Constrain Credential Profile Validator

Default value

Yes

Description

Whether you can select which roles can validate individual requests using the selected credential profile.

Further information

See section 11.3.7, Constrain credential profile validator for details.

 

Setting

Restrict Roles on Child Groups

Default value

No

Description

If you set this to Yes, the roles available to a group are restricted to the roles available to the group's parent. The Inherit Roles option appears on the Select Roles dialog.

If you set this to No, the group may select from any roles in the system. The Inherit Roles option does not appear on the Select Roles dialog.

Further information

See section 4.2, Role inheritance.

 

Setting

Show Audit Summary

Default value

Ask

Description

Whether a summary of the audit information is displayed on completion of a workflow.

Further information

 

 

Setting

Show Set Security Phrases Button

Default value

No

Description

Displays a link to the Change Security Phrases workflow at the end of Add Person.

Further information

 

 

Setting

Sign Audit on Client

Default value

No

Description

Whether audit data from client is signed on the client.

Further information

Cannot be edited.

 

Setting

Sign Audit on Server

Default value

Yes

Description

Whether Audit Trail information is signed on the server.

Further information

Cannot be edited.

 

Setting

Task number timeout

Default value

30

Description

The time in minutes before a task number will expire. Task numbers are allocated when you start a workflow; you must complete a workflow before the task number expires.

This setting was previously stored in the DatabaseVersion table in the MyID database.

Further information