CA Strong Authentication Administration Guide › Managing Global CA AuthMinder Configurations › Configuring Profiles and Policies › Configuring ArcotID OTP (EMV-Compliant) Settings › Configuring ArcotID OTP (EMV-Compliant) Issuance Profile

Configuring ArcotID OTP (EMV-Compliant) Issuance Profile

An CA Auth ID OTP-EMV profile can be used to specify the following attribute related to CA Auth ID OTPs that are complaint with Europay, MasterCard, and VISA (EMV) protocol.

• Validity period: The period for which an CA Auth ID OTP-EMV is valid.

By configuring an CA Auth ID OTP-EMV profile and assigning it to one or more organizations, you can control the characteristics of CA Auth ID OTP-EMV credentials that are issued to users of those organizations. Use the ArcotOTP-EMV Profiles page to create CA Auth ID OTP-EMV credential profiles.

Note: To configure an ArcotID OTP-EMV profile, you first create account types.

Follow these steps:

1. Click the Services and Server Configurations tab on the main menu.
2. Verify that the CA Strong Authentication tab in the submenu is active.
3. Under the ArcotOTP-EMV section, click the Issuance link to display the ArcotOTP-EMV Profiles page.
4. Edit the fields in the Profile Configurations section, as required.

   Create

   If you choose to create a new profile, then:

   • Select the Create option.
   • Specify the Configuration Name of the new profile in the field that appears.

   Update

   If you choose to update an existing profile, then select the profile that you want to update from the Select Configuration list that appears.

   Copy Configuration

   Enable this option if you want to create the profile by copying the configurations from an existing profile.

   Note: You can also copy from configurations that belong to other organizations that you have scope on.

   Available Configurations

   Select the profile from which the configurations will be copied.

   Account Type

   Specify the account type that has to used for creating ArcotID OTP-EMV credential.

   Attribute For PAN Sequence

   Specify the Primary Account Number (PAN) sequence that helps to differentiate two cards with the same PAN. For example, a card that is reissued after the expiry might have the same PAN but a different sequence number.

   To add PAN sequence, you need to add custom attributes while configuring account types. See "Configuring the Account Type".

   To assign PAN sequence to a user in the organization, you need to edit the user account to add values for custom attribute. See "Creating Account IDs". This value will be included in the card string. The custom attribute value is not mandatory, if not provided, then 00 is used by default.

   Logo URL

   Enter the URL that contains the logo, which will be displayed on the client device that uses EMV OTP for authenticating to CA AuthMinder-protected applications.

   Display Name

   Enter the name that is used to display the EMV OTP on the client device. You can either enter a fixed string or pass the following user variables as $$(<variable>)$$:

   • user name (userName)
   • organization name (orgName)
   • credential custom attributes
   • user custom attributes

   Validity Start Date

   Set the date from when the issued ArcotID OTP credential will be valid.

   The validity can start from either the date when this credential is created or you can specify a custom date.

   Validity End Date

   Set the date when the ArcotID OTP will expire.

   You can choose any of the following options to set the expiration date:

   • Specify the duration
   • Specify a custom date
   • Choose Never Expires option if you want the ArcotID OTP to not expire at all.

5. Expand the Advanced Configurations section by clicking the [+] sign.
6. In the Custom Attributes section, specify any extra information in the Name-Value pair format. For example, the organization information that can be used by plug-ins.
7. In the Custom Card Attributes section, specify the additional information that you want to add to the ArcotID OTP-EMV card.
8. Set the following in the User Validations section:
   • Select the User Active option if you want to verify the user status for the following operations involving the current credential:
     • Create credential
     • Re-issue credential
     • Reset credential
     • Reset validity of the credential
   • Select the User Attribute option if you want to verify whether the user attribute matches certain values. You can set the value for the following user attributes:
     • Date when the user was created
     • Date when the user details were modified
     • Email address
     • First name
     • Middle name
     • Last name
     • User status
     • Telephone number
     • Unique user identifier

     Note: User attribute check feature is available only if you are performing configurations at the organization-level.

9. In the Multiple Credential Options section, enter the description to identify the purpose for which the EMV OTP is used in the Usage Type field. For example, a user can have a temporary credential to perform a remote login to the network, the usage type for this credential can be temporary.
10. Click Save to create or update the EMV OTP profile.
11. Refresh all deployed CA AuthMinder Server instances. See Refresh a Server Instance for instructions about the procedure.