Configuring ArcotID OTP (OATH-Compliant) Issuance Profile

An ArcotID OTP-OATH profile can be used to specify the following attributes related to ArcotID OTPs that are compliant with OATH standards.

By configuring an ArcotID OTP-OATH profile and assigning it to one or more organizations, you can control the characteristics of ArcotID OTP credentials that are issued to users of those organizations. Use the ArcotOTP Profiles page to create ArcotOTP credential profiles.

To create or update an ArcotID OTP-OATH profile:

  1. Ensure that you are logged in as a Global Administrator (GA).
  2. Activate the Services and Server Configurations tab on the main menu.
  3. Ensure that the WebFort tab in the submenu is active.
  4. Under the ArcotOTP-OATH section, click the Issuance link to display the ArcotOTP-OATH Profiles page.
  5. Edit the fields in the Profile Configurations section, as required. The following table describes the fields of this section:

Profile Configurations

| Field | Description |
|---|---|
| Create | If you choose to create a new profile, then select the Create option and specify the Configuration Name of the new profile in the field that appears. |
| Update | If you choose to update an existing profile, then select the profile that you want to update from the Select Configuration list that appears. |
| Copy Configuration | Enable this option if you want to create the profile by copying the configurations from an existing profile. Note: You can also copy from configurations that belong to other organizations that you have scope on. |
| Available Configurations | Select the profile from which the configurations will be copied. |
| Token Type | Select the type of ArcotID OTP that must be created for the user. HOTP represents counter-based tokens and TOTP represents time-based tokens. |
| Length | Set the length of an ArcotID OTP. The minimum length of the ArcotID OTP can be 6 (which is also the default value) and the maximum length can be up to 8 characters. |
| Time Step | The time interval, in seconds, during which the OTP generated by the client is the same as the OTP generated by the server. A larger time step allows the two OTPs to match for a longer period. In other words, a larger time step can accommodate a longer delay in receipt of the OTP from the client. You can enter any value from 1 to 300. The default is 30. Note: This option is applicable only for TOTP-based ArcotID OTPs. |
| Logo URL | Enter the URL that contains the logo, which will be displayed on your client device that uses ArcotID OTP for authenticating to AuthMinder-protected applications. |
| Display Name | Enter the name that is used to display the ArcotID OTP on the client device. You can either enter a fixed string or pass the following user variables as $$(<variable>)$$: user name (userName), organization name (orgName), credential custom attributes, user custom attributes. |
| Validity Start Date | Set the date from when the issued ArcotID OTP credential will be valid. The validity can start from either the date when this credential is created or you can specify a custom date. |
| Validity End Date | Set the date when the ArcotID OTP will expire. You can choose any of the following options to set the expiration date: specify the duration, specify a custom date, or choose the Never Expires option if you want the ArcotID OTP to not expire at all. |

  6. Expand the Advanced Configurations section by clicking the [+] sign.
  7. In the Custom Attributes section, specify any extra information in the Name-Value pair format, for example, organization information that can be used by plug-ins.
  8. In the Custom Card Attributes section, specify the additional information that you want to add to the ArcotID OTP-OATH card. These custom attributes will be available as part of the card string.
  9. Set the following in the User Validations section:
  10. In the Multiple Credential Options section, enter the description to identify the purpose for which the ArcotID OTP is used in the Usage Type field. For example, if a user has a temporary credential to perform a remote login to the network, the usage type for this credential can be temporary.
  11. Click Save to create or update the ArcotID OTP profile.
  12. Refresh all deployed AuthMinder Server instances. See "Refreshing a Server Instance" for instructions on how to do this.
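
The Token Type, Length and Time Step fields correspond to the parameters of the OATH algorithms HOTP (RFC 4226) and TOTP (RFC 6238). The following added example, which is not code from the product or from this guide, shows how those three settings decide whether the client's OTP and the server's OTP match. It assumes HMAC-SHA1 (the hash is not named on this page), a strict comparison with no tolerance window, hypothetical function names, and the RFC test-vector secret as constructed input.

```python
import hashlib
import hmac
import struct

# Constructed sample input: the shared secret from the RFC 4226 / RFC 6238 test vectors.
SECRET = b"12345678901234567890"

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Counter-based OTP (Token Type = HOTP), RFC 4226."""
    if not 6 <= digits <= 8:  # Length field: 6 (default) to 8
        raise ValueError("Length must be between 6 and 8")
    # Assumption: HMAC-SHA1, the RFC 4226 algorithm; the page does not name the hash.
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble of the last byte
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret: bytes, unix_time: int, time_step: int = 30, digits: int = 6) -> str:
    """Time-based OTP (Token Type = TOTP), RFC 6238: HOTP over the step number."""
    if not 1 <= time_step <= 300:  # Time Step field: 1 to 300 seconds, default 30
        raise ValueError("Time Step must be between 1 and 300")
    return hotp(secret, unix_time // time_step, digits)

def otps_match(secret: bytes, generated_at: int, checked_at: int,
               time_step: int = 30, digits: int = 6) -> bool:
    """True if the client's OTP (generated_at) equals the server's (checked_at).

    Assumption: strict comparison of one step, with no extra tolerance window.
    """
    client = totp(secret, generated_at, time_step, digits)
    server = totp(secret, checked_at, time_step, digits)
    return hmac.compare_digest(client, server)

if __name__ == "__main__":
    print("HOTP counter 0:", hotp(SECRET, 0))
    print("TOTP t=59, 8 digits:", totp(SECRET, 59, digits=8))
    # Client generates at t=50; the server checks 15 seconds later.
    for step in (30, 300):
        print(f"Time Step {step}: match = {otps_match(SECRET, 50, 65, step)}")
```

With a Time Step of 30 the OTP generated at t=50 no longer matches at t=65 because a step boundary was crossed, while with 300 it still matches. The same longer window applies to a captured OTP, which is the trade-off to weigh when raising Time Step.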