

Credential Profiles

AuthMinder provides profiles for all the supported credentials. To modify the default credential profile or add new profiles, use the elements discussed in this section:

Common Profile Elements

The following table lists the common elements that are applicable to all credentials:

clientTxId (Mandatory: No)
Unique transaction identifier that the calling application can include. This identifier helps in tracking the related transactions.

Additional Input (additionalInput) Elements

pairs (Mandatory: No)
The additionalInput element lets you pass extra information that augments AuthMinder's authentication capability. Set this information as name-value pairs:

  • name (The name with which you want to create the key pair.)
  • value (The corresponding value for name.)

    Note: You can add more than one of these elements.

Some of the pre-defined additional input parameters include:

  • AR_WF_LOCALE_ID
    Specifies the locale that AuthMinder will use while returning the messages back to your calling application.
  • AR_WF_CALLER_ID
    This is useful in tracking transactions. You can use session ID or client transaction ID (clientTxnId) for specifying this information.

Organization Detail (configurations/orgDetails) Elements

orgName (Mandatory: Yes)
Indicates the name of the organization to which you want to apply these configuration settings.

OR

isGlobal (Mandatory: Yes)
Indicates whether you want to apply these configuration settings at the global level, which means that these configurations are available to all the organizations in the system.

Credential Configuration Elements

The following elements are applicable to all credential configurations, namely arcotIDIssuanceConfigs, qnaIssuanceConfigs, passwordIssuanceConfigs, serverOTPIssuanceConfigs, oathIssuanceConfigs, arcotOTPIssuanceConfigs, emvIssuanceConfigs.

name (Mandatory: No)
Indicates the name of the new profile. Each profile is identified by a unique profile name.

status (Mandatory: No)
Indicates the configuration status. Possible values are:

  • ACTIVE
  • DISABLED
  • DELETED
  • DEFAULT
  • READONLY

multipleUsageCount (Mandatory: No)
Indicates the number of times a credential can be used.

usageType (Mandatory: No)
Multiple credentials of the same type can be issued to a user. The usage type identifies the purpose for which each credential is used. For example, a user can have a temporary password for remote login to the network; the usage type for this password can be "temporary".

validity/ validityBegin and validityEnd (Mandatory: No)
When creating a credential, you can set a period for which the credential is valid. The validityBegin and validityEnd elements define the start and end of that period by using the following elements:

  • year
    The year when the validity period begins or ends.
  • month
    The month when the validity period begins or ends.
  • day
    The day on which the validity period begins or ends
  • hour
    The hour at which the validity period begins or ends.
  • minute
    The minute at which the validity period begins or ends.
  • second
    The second at which the validity period begins or ends.
  • dateType
    The start date or end date of the validity period. Following are the supported date types:
    1
    Uses the current date of AuthMinder Server to set the validity or disable period. This is not applicable for validityEnd.
    2
    Indicates that the credential will be valid forever and will not expire. This is not applicable for validityBegin.
    3
    Uses the absolute date that is specified by your application to set the validity or disable period.
    4
    Uses a relative date corresponding to the start date. For example, if the relative date is one month, then the end date would be one month after the start date.
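The dateType semantics above, worked through as an added Python example (not part of the AuthMinder documentation or product code). It assumes each validity element is passed as a dict of the year/month/day/hour/minute/second/dateType fields, that an omitted dateType defaults to 1 for validityBegin and 2 for validityEnd, and that dateType 4 applies only to validityEnd; all three are assumptions, not documented behaviour.

```python
from datetime import datetime, timedelta
import calendar

CURRENT_SERVER_DATE = 1   # validityBegin only
FOREVER = 2               # validityEnd only
ABSOLUTE_DATE = 3         # either element
RELATIVE_TO_START = 4     # validityEnd only (assumption)

def _absolute(elem):
    """dateType 3: year/month/day are required, hour/minute/second default to 0."""
    return datetime(elem["year"], elem["month"], elem["day"],
                    elem.get("hour", 0), elem.get("minute", 0), elem.get("second", 0))

def _relative(start, elem):
    """dateType 4: every field is an offset from the start date. Years and months are
    added calendar-wise (day clamped to the target month), the rest via timedelta."""
    months = start.month - 1 + elem.get("month", 0) + 12 * elem.get("year", 0)
    year, month = start.year + months // 12, months % 12 + 1
    day = min(start.day, calendar.monthrange(year, month)[1])
    shifted = start.replace(year=year, month=month, day=day)
    return shifted + timedelta(days=elem.get("day", 0), hours=elem.get("hour", 0),
                               minutes=elem.get("minute", 0), seconds=elem.get("second", 0))

def resolve_validity(begin, end, now):
    """Return (start, stop) for a validity element; stop is None when the credential never expires."""
    begin_type = begin.get("dateType", CURRENT_SERVER_DATE)  # default is an assumption
    if begin_type == CURRENT_SERVER_DATE:
        start = now
    elif begin_type == ABSOLUTE_DATE:
        start = _absolute(begin)
    else:
        raise ValueError(f"dateType {begin_type} is not applicable to validityBegin")
    end_type = end.get("dateType", FOREVER)  # default is an assumption
    if end_type == FOREVER:
        stop = None
    elif end_type == ABSOLUTE_DATE:
        stop = _absolute(end)
    elif end_type == RELATIVE_TO_START:
        stop = _relative(start, end)
    else:
        raise ValueError(f"dateType {end_type} is not applicable to validityEnd")
    if stop is not None and stop <= start:
        raise ValueError("validityEnd must be later than validityBegin")
    return start, stop

def is_valid_at(start, stop, when):
    """True when 'when' falls inside the half-open window [start, stop)."""
    return start <= when and (stop is None or when < stop)
```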

userCheck (Mandatory: No)
AuthMinder evaluates the user check information before performing some of the credential operations. The following elements are used to perform user checks:

  • userActiveCheck
    Indicates the user status. The issuance operation will fail if the user is in the disabled state.
  • userAttributesToCheck
    Indicates whether the user attributes match certain values. You can set the attributes in name-value pairs.
    name
    Indicates the attribute whose value you want to match before creating the credential.
    value
    Indicates the corresponding value for the name.

customAttributes (Mandatory: No)
This element is used to define custom attributes for a credential profile, which helps in maintaining additional credential information. For example, if you do not want the user to download their ArcotID PKI on more than five systems, you can create an attribute that records this limit.

You can set the custom attributes in name-value pairs.

  • name
    Indicates the name with which you want to create the custom attribute.
  • value
    Indicates the corresponding value for the name.

ArcotID Credential Profile Elements

The following table lists the elements that are specific to the ArcotID PKI credential profile (arcotIDIssuanceConfigs):

keyLength (Mandatory: No)
Indicates the size (in bits) of the key used in ArcotID PKI's Cryptographic Camouflage algorithm.

unsignedAttributes (Mandatory: No)
Indicates the attributes that are set while creating, or after creating, an ArcotID PKI for the user. These attributes are called unsigned attributes because they (as name-value pairs) are stored in the unsigned portion of the ArcotID PKI.

  • name
    Indicates the name with which you want to create the unsigned attribute.
  • value
    Indicates the corresponding value for the name.

passwordStrengthParameters (Mandatory: No)
The strength of the password, which is determined by a combination of the length of the password and the number of alphabetic, numeric, and special characters in it.

The following elements are used to set the strength of a password:

  • minLength
    The least number of characters that the password can contain. The minimum length must be between 1 and 64 characters.
  • maxLength
    The maximum number of characters that the password can contain. The maximum length must be between 1 and 64 characters.
  • minAlphaChars
    The least number of alphabetic characters (a-z and A-Z) that the password can contain.
  • minNumericChars
    The least number of numeric characters (0 through 9) that the password can contain.
  • minSpecialChars
    The least number of special characters that the password can contain. By default, all the special characters excluding ASCII (0-31) characters are allowed.

    Note: The sum of all the elements must be less than minLength.

historyConfig (Mandatory: No)
This element prevents users from reusing old ArcotID PKI passwords. Any one of the following elements can be used for configuration:

  • count
    Use this element if you want the current ArcotID PKI password to be different from the last n passwords.
  • time
    Use this element if you want the current ArcotID PKI password to be different from the passwords created during a specified duration. For information about the elements used to specify duration, see the "validity/ validityBegin and validityEnd" element.

Questions and Answers (QnA) Credential Profile Elements

The following table lists the elements that are specific to the QnA credential profile (qnaIssuanceConfigs):

maxQuestions (Mandatory: No)
Indicates the maximum number of questions and answers the user must set during issuance.

minQuestions (Mandatory: No)
Indicates the minimum number of questions and answers the user can set during issuance.

questions (Mandatory: No)
A list of pre-configured questions that users can use to set up their QnA credential.

isCaseSensitive (Mandatory: No)
Indicates whether the answers entered by the users are matched case-sensitively.

questionReturnMode (Mandatory: No)
Indicates how the questions are selected for users to answer. The supported values are:

  • 1
    Indicates a static set wherein a fixed set of questions are selected from the configured set and presented to users.
  • 2
    Indicates a random set wherein the questions are selected randomly from the configured set and presented to users.

Password Credential Profile Elements

The following table lists the elements that are specific to the Password credential profile (passwordIssuanceConfigs):

enforceUniquenessAcrossUsageTypes (Mandatory: No)
Indicates whether multiple passwords issued for different usage types (see usageType) must be unique or can be the same.

generatePassword (Mandatory: No)
Indicates whether the password should be generated by AuthMinder Server.

passwordStrengthParameters (Mandatory: No)
The strength of the password, which is determined by a combination of the length of the password and the number of alphabetic, numeric, and special characters in it.

The following elements are used to set the strength of a password:

  • minLength
    The least number of characters that the password can contain. The minimum length must be between 1 and 64 characters.
  • maxLength
    The maximum number of characters that the password can contain. The maximum length must be between 1 and 64 characters.
  • minAlphaChars
    The least number of alphabetic characters (a-z and A-Z) that the password can contain. This value must be less than or equal to the value specified in minLength.
  • minNumericChars
    The least number of numeric characters (0 through 9) that the password can contain.
  • minSpecialChars
    The least number of special characters that the password can contain. By default, all the special characters excluding ASCII (0-31) characters are allowed.

    Note: The sum of all the elements must be less than minLength.

historyConfig (Mandatory: No)
This element prevents users from reusing old passwords. Any one of the following elements can be used for configuration:

  • count
    Use this element if you want the current password to be different from the last n passwords.
  • time
    Use this element if you want the current password to be different from the passwords created during a specified duration. For information about the elements used to specify duration, see the "validity/ validityBegin and validityEnd" element.

OTP Credential Profile Elements

The following table lists the elements that are specific to the OTP credential profile (serverOTPIssuanceConfigs):

length (Mandatory: No)
The length of the OTP. By default, the OTP length is 5.

type (Mandatory: No)
Indicates whether the OTP is numeric or alphanumeric. Following are the supported values:

  • 1: Generates a numeric OTP.
  • 2: Generates an alphanumeric OTP.

OATH OTP Credential Profile Elements

The OATH OTP credential (oathIssuanceConfigs) does not have any specific configurations.

ArcotID OTP Credential Profile Elements

The following table lists the elements that are specific to the ArcotID OTP (also known as ArcotID OTP-OATH) credential profile (arcotOTPIssuanceConfigs):

length (Mandatory: No)
The length of the OTP.

type (Mandatory: No)
The type of the OTP. Following are the supported values:

  • HOTP
  • TOTP

provisioningAttributes (Mandatory: No)
User attributes that must be set at the time of issuing the credential.

customCardAttributes (Mandatory: No)
Additional attributes that you need to pass for the ArcotID OTP-OATH credential in name-value pair format. These attributes are added to the card.

EMV OTP Credential Profile Elements

The following table lists the elements that are specific to the EMV OTP (also known as ArcotID OTP-EMV) credential profile (emvIssuanceConfigs):

accountType (Mandatory: No)
The Primary Account Number (PAN) of the EMV card.

attributeForPanSequence (Mandatory: No)
The user account attribute that contains the PAN sequence number, which identifies and differentiates cards that share the same PAN.

provisioningAttributes (Mandatory: No)
User attributes that must be set at the time of issuing the credential.

emvAttributes (Mandatory: No)
EMV-specific attributes.

customCardAttributes (Mandatory: No)
Additional attributes that can be added at the time of issuing the credential. These attributes are added to the card.