Additional Settings

You can set other passcode properties in the One-Time Password (OTP) Administration user interface (UI). These properties apply to all OTP users and applications.

Context

You can set the following additional properties:
  • System name

    The system name property indicates the provider of the secret key.

    Note
    The default value is an empty string.
  • Default validity in days

    This is the initial validity in days of the time-based one-time password (TOTP) secret key. It can be changed later under the User Management tab.

    Note

    The default value is 365.

    Note

    You cannot set a new default validity for an account that is already set up, because the default validity is taken into consideration only when a user account is initially set up.

  • Expiration warning period

    This is the period in days before the secret key expiration. When this period starts, users receive warning messages prompting them to update their accounts.

    Note

    The default value is 14.

    Depending on the validity and expiration warning period set in the One-Time Password Administration UI, the following operations are allowed:

    | Secret Key Validity | Can use the passcode for authentication? | Can register new device on the Mobile Device Setup page? | Can disable device on the Mobile Device Setup page? |
    |---|---|---|---|
    | Expiration Warning Period is not reached | Yes | Yes | Yes |
    | During Expiration Warning Period | Yes. Warning is shown. | No. You can disable the registered device and then create a new registration. | Yes |
    | Secret key has expired | No. Error message is shown that the registration has expired. | No. You can disable the registered device and then create a new registration. | Yes. For security reasons, passcode of expired device is required. |

  • Passcode length

    Note

    The default value is 8 digits.

  • Digest algorithm

    You can define which digest algorithm is used for the generation of passcodes.

    Note

    The default value is SHA-512.

  • Maximum number of failed logon attempts

    The number of consecutive failed logon attempts after which the user account is locked.

    Note

    The default value is 5.

  • Automatic unlock time

    The period in minutes that a user cannot log on with a passcode because he or she has exceeded the allowed failed logon attempts.

    Note
    The default value is 60.
  • Show secret key

    The setup page shows the secret key or the setup URL (for online account setup) in plain text when the user selects the checkbox below the QR code on the Mobile Device Setup UI.

    Note

    This property is not selected by default.

  • Installation section shown on the Mobile Device Setup UI

    Provided the option is enabled, the UI displays the default installation section if the URL path of the custom installation section is an empty string. You can also set a custom installation section by entering a custom URL path and height.

    Note

    By default this option is enabled, the URL path is set to an empty string, and the section's height is 300 pixels.
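The following added example (not code from the product or from this documentation) shows how the passcode length, digest algorithm, default validity and expiration warning period defaults listed above enter a standard RFC 6238 TOTP check. The 30-second time step, the treatment of the boundary days and all function names are assumptions made for illustration.

```python
import hmac
import struct
from datetime import date, timedelta

# Defaults from the settings list above. TIME_STEP is an assumption (the
# RFC 6238 default); it is not a setting described on this page.
PASSCODE_LENGTH = 8
DIGEST = "sha512"
VALIDITY_DAYS = 365
WARNING_DAYS = 14
TIME_STEP = 30


def totp(secret: bytes, unix_time: int, digits: int = PASSCODE_LENGTH,
         digest: str = DIGEST, step: int = TIME_STEP) -> str:
    """RFC 6238 passcode for the time step that contains unix_time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, digest).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def key_state(created: date, today: date, validity: int = VALIDITY_DAYS,
              warning: int = WARNING_DAYS) -> str:
    """Map a key's age to a row of the validity table: ok, warning, expired.
    Assumption: the expiry day itself already counts as expired."""
    expires = created + timedelta(days=validity)
    if today >= expires:
        return "expired"
    if today >= expires - timedelta(days=warning):
        return "warning"
    return "ok"


def verify(secret: bytes, passcode: str, unix_time: int,
           created: date, today: date) -> bool:
    """Reject passcodes of expired keys; compare the rest in constant time."""
    if key_state(created, today) == "expired":
        return False
    return hmac.compare_digest(totp(secret, unix_time), passcode)


# Constructed sample key: the 64-byte SHA-512 test seed from RFC 6238 Appendix B.
SAMPLE_KEY = (b"1234567890" * 7)[:64]

if __name__ == "__main__":
    print(totp(SAMPLE_KEY, 59))  # 90693936
    print(key_state(date(2024, 1, 1), date(2024, 12, 20)))  # warning
```

A mobile authenticator app must be configured with the same passcode length and digest algorithm as the server, otherwise the two sides compute different passcodes from the same secret key.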

For the configuration of the additional properties, proceed as follows:

Procedure

  1. Log on to the One-Time Password Administration UI at http(s)://<host>:<port>/ssoadmin/otp.
  2. Choose the Settings tab.
  3. Choose the Edit button.
  4. Configure the additional properties.
  5. Save your settings.