CA Strong Authentication Administration Guide › Managing Global CA AuthMinder Configurations › Configuring Profiles and Policies › Configure OTP Settings › Configure OTP Issuance Profile

Configure OTP Issuance Profile

An OTP profile can be used to specify the following attributes related to a One-Time Password credential:

• OTP strength: The type (numeric or alphanumeric) and length of the OTP.
• Validity period: The period for which an OTP is valid.
• Usage: The number of times an OTP can be reused for authentication.

By configuring an OTP profile and assigning it to one or more organizations, you can control the characteristics of OTP credentials that are issued to users of those organizations. Use the One-Time Password Profiles page for creating OTP credential profiles.

Follow these steps:

1. Click the Services and Server Configurations tab on the main menu.
2. Verify that the CA Strong Authentication tab in the submenu is active.
3. Under the OTP section, click the Issuance link to display the One Time Password Profiles page.
4. Edit the fields in the Profile Configurations section, as required.

   Profile Configurations:

   Create

   If you choose to create a new profile, then:

   • Select the Create option.
   • Specify the Configuration Name of the new profile in the field that appears.

   Update

   If you choose to update an existing profile, then select the profile that you want to update from the Select Configuration list that appears.

   Copy Configuration

   Enable this option if you want to create the profile by copying the configurations from an existing profile.

   Note: You can also copy from configurations that belong to other organizations that you have scope on.

   Available Configurations

   Select the profile from which the configurations will be copied.

   Type

   Specify whether you want to issue numeric or alphanumeric OTPs to users.

   The default value is Numeric.

   Length

   Set the length of an OTP.

   The minimum length of the OTP can be 5 (which is also the default value) and the maximum length can be up to 32 characters.

   Validity Period

   Set the interval for which the issued OTP credential will be valid.

   You can specify this time in seconds, minutes, hours, and days, and even in months and years.

   Allow Multiple Use

   Select this option if you would like the OTP to be used more than once.

   Use

   Specify the total number of times an OTP can be used, if you selected the Allow Multiple Use option.

5. Expand the Advanced Configurations section by clicking the [+] sign.
6. In the Custom Attributes section, specify any extra information in the Name-Value pair format. For example, the organization information that can be used by plug-ins.
7. Set the following in the User Validations section:
   • Select the User Active option if you want to verify the user status for the following operations involving the current credential:
     • Create credential
     • Re-issue credential
     • Reset credential
     • Reset validity of the credential
   • Select the User Attribute option if you want to verify whether the user attribute matches certain values. You can set the value for the following user attributes:
     • Date when the user was created
     • Date when the user details were modified
     • Email address
     • First name
     • Middle name
     • Last name
     • User status
     • Telephone number
     • Unique user identifier

     Note: User attribute check feature is available only if you are performing configurations at the organization-level.

8. In the Multiple Credential Options section, enter the description to identify the purpose for which the OTP is used in the Usage Type field. For example, a user can have a temporary credential to perform a remote login to the network, the usage type for this credential can be temporary.
9. Click Save.
10. Refresh all deployed CA AuthMinder Server instances. See Refresh a Server Instance for instructions about the procedure.