30.5 Process page (Security Settings)
Setting |
|
Default value |
No |
Description |
When set to Yes, the scope available in workflows is extended to include any additionally specified administrative groups assigned to operators. The Add Person and Edit Person workflows are extended to allow management of administrative groups. When set to No, the scope in workflows is limited to operators’ home groups, and it is not possible to manage operators’ administrative groups in Add Person or Edit Person. |
Further information |
See section 4.7, Administrative groups for details. |
Setting |
|
Default value |
No |
Description |
Whether requests for replacement cards require secondary authorization. Yes – All requests for replacement cards require secondary authentication. No – No requests for replacement cards require secondary authentication. Ask – Requests for replacement cards require secondary authentication only if the Validate Issuance setting is set in the credential profile. Note: The Validate Issuance setting in the credential profile affects replacement cards only if this option is set to Ask. |
Further information |
|
Setting |
|
Default value |
No |
Description |
Prevents an operator from using the Remote Unlock workflow to unlock VSCs. |
Further information |
|
Setting |
|
Default value |
365 |
Description |
Default period for which all issued devices are valid. |
Further information |
Setting |
|
Default value |
Signing |
Description |
Which keyset to use when signing data on the client during logon. |
Further information |
Cannot be edited. |
Setting |
|
Default value |
Signing |
Description |
Which keyset to use when signing data on the client. |
Further information |
Cannot be edited. |
Setting |
|
Default value |
Yes (if on installation there were no existing credential profiles) or: No (if on installation there were existing credential profiles). |
Description |
Whether you can select which roles can collect individual credential profiles on the Select Roles screen in the Credential Profiles workflow. If this option is set to No, you can collect credentials using any role. For credential profiles that were created when this option was not set to Yes (for example, before installing the current version of MyID) if you subsequently set this option to Yes, the credential profile will automatically be set to add any roles to the Can Collect column that were already selected in any of the other columns: Can Receive, Can Request, or Can Validate. |
Further information |
See section 11.3.8, Constrain credential profile collector for details. |
Setting |
|
Default value |
Yes (if on installation there were no existing credential profiles) or: No (if on installation there were existing credential profiles). |
Description |
Whether you can select which roles can request individual credential profiles on the Select Roles screen in the Credential Profiles workflow. |
Further information |
See section 11.3.6, Constrain credential profile issuer for details. |
Setting |
|
Default value |
No |
Description |
Whether you can select which roles can unlock credentials using the Unlock Credential and Reset Card PIN workflows. |
Further information |
See section 11.3.9, Constrain credential profile unlock operator for details. |
Setting |
|
Default value |
Yes |
Description |
Whether you can select which roles can validate individual requests using the selected credential profile. |
Further information |
See section 11.3.7, Constrain credential profile validator for details. |
Setting |
|
Default value |
No |
Description |
If you set this to Yes, the roles available to a group are restricted to the roles available to the group's parent. The Inherit Roles option appears on the Select Roles dialog. If you set this to No, the group may select from any roles in the system. The Inherit Roles option does not appear on the Select Roles dialog. |
Further information |
Setting |
|
Default value |
Ask |
Description |
Whether a summary of the audit information is displayed on completion of a workflow. |
Further information |
|
Setting |
|
Default value |
No |
Description |
Displays a link to the Change Security Phrases workflow at the end of Add Person. |
Further information |
|
Setting |
|
Default value |
No |
Description |
Whether audit data from client is signed on the client. |
Further information |
Cannot be edited. |
Setting |
|
Default value |
Yes |
Description |
Whether Audit Trail information is signed on the server. |
Further information |
Cannot be edited. |
Setting |
|
Default value |
30 |
Description |
The time in minutes before a task number will expire. Task numbers are allocated when you start a workflow; you must complete a workflow before the task number expires. This setting was previously stored in the DatabaseVersion table in the MyID database. |
Further information |
|