31.1 Logon page (Security Settings)
Setting |
|
Default value |
No |
Description |
Enables logon codes. Used as a global setting for all credential profiles – to use logon codes, you must set this option to Yes and set the Generate Code on Request option in the credential profile. |
Further information |
See section 3.4, Logon using codes for details. |
Setting |
|
Default value |
Yes |
Description |
Determines whether the Manage My Credentials option appears on the MyID Authentication screen in the MyID Operator Client. |
Further information |
See the Managing your credentials from the MyID Authentication screen section in the MyID Operator Client guide. |
Setting |
|
Default value |
Yes (Software or Card if available) |
Description |
Whether the information passed from the client to the server is signed using a key or certificate stored on the card that was used to log in. This provides extra security. Choose: Yes (Software or Card if available) – Use a signing key from your smart card if available (if you select the MyID Logon option in the Services section of the credential profile, you can either select a certificate to be used for signing, or use a signing key generated on the card by MyID at issuance). If neither a certificate nor a manager keypair is available, use a temporary software signing key generated by MyID when you log on. No – Do not sign data. Software signing only – use a temporary software signing key generated by MyID when you log on. |
Further information |
|
Setting |
|
Default value |
No |
Description |
Whether the logon name associated with the MyID account is used in addition to the password when logging on to MyID. |
Further information |
No longer supported. Will appear only on upgraded systems, but has no effect. |
Setting |
|
Default value |
5 |
Description |
Specify the maximum number of failed attempts a user can make when attempting to answer an OTP challenge. When this number is exceeded, the OTP is rendered unusable, and the user must request a new OTP. |
Further information |
|
Setting |
|
Default value |
3 |
Description |
Specify the maximum number of failed attempts a user can make when attempting to answer a security question or enter a logon code. When this number is exceeded, the user's account |
Further information |
Note: If you set this option to 0, the default value of 3 is used and the user's account is locked when three attempts have been made without success. For information on unlocking security phrases, see section 3.3.5, Unlocking security phrases and section 3.3.6, Unlocking your own security phrases. |
Setting |
|
Default value |
No |
Description |
Allow password logon for self-service operations only when a card is present. |
Further information |
|
Setting |
|
Default value |
|
Description |
If a user logs into MyID Desktop and the required number of security phrases (as specified by the Number of security questions to register configuration option) have not been set up, run the first workflow listed that the user has access to. Workflows should be listed as option,operationid;option,operationid and so on. For example, 1,110 – this automatically launches the Change My Security Phrases workflow. |
Further information |
See section 3.3.3, Setting the number of security phrases required to authenticate for details. Note: The Set Security Phrase at Logon option is supported in MyID Desktop from MyID 10.6 Update 1 onwards – make sure you have upgraded your clients. This option does not affect the logon process when using the MyID Operator Client. |
Setting |
|
Default value |
No |
Description |
Controls whether the card owner's full name is displayed on the Logon page when their card is inserted. Note: If you set this option to No, and either you have the Show Photo at Logon set to No, or the users do not have photos attached to their user accounts, if you insert more than one card you will not be able to tell which card belongs to which user except by the card serial number and device type (which is available when you hover your mouse over the image). |
Further information |
This option affects both MyID Desktop and the MyID Operator Client. Note: If you enable this feature, it is possible to obtain cardholder names without authentication. |
Setting |
|
Default value |
No |
Description |
Whether the holder’s photograph is displayed at logon. |
Further information |
This option affects both MyID Desktop and the MyID Operator Client. Note: If you enable this feature, it is possible to obtain user photos without authentication. |
Setting |
|
Default value |
Yes |
Description |
Whether the information passed to the server during logon is signed using the keys or certificate stored on the card. |
Further information |
|
Setting |
|
Default value |
No |
Description |
If you set this option to Yes, when a user logs on to MyID with a certificate, MyID validates the certificate by verifying that it has not expired and checking it against the certificate revocation list. If the validation fails, MyID prevents the user from logging on. In addition, if you have an external system that allows you to link to an authentication service for certificate validation, the authentication service is used to validate the certificate after MyID as secondary validation. |
Further information |
Note: The application server must trust the Certificate Authority that issued the certificate being validated. |