General

Name

Basic Description

Default value

App Name Identifier

Server identifier; used when generating client certificates and for metrics management

http://dev-1.com

Business Adaptor Dir

Path to business adaptors directory

/opt/veridiumid/tomcat/adaptors

Enrollment Timeout

Time, in seconds, within which an enrollment must be completed

301

Enable Generic Integration

Turned on

Device Recognition

Apply heuristics to detect returning devices.

Turned off

Replace Device When One Device Per Account

If only one device is allowed per account, an enrollment attempt from a new device automatically removes the existing device.

Turned off

Allowed Phone Manufacturers

Restrict Veridium system usage to phones from the listed manufacturers

OPA

Port - Port where OPA accepts connections.

8181

Host - Address of OPA server.

127.0.0.1

Protocol - Protocol over which OPA accepts connections.

HTTP

FIDO settings

Fido Origin - The origin used by the VID server when proxying requests to FIDO

https://dev1.veridium-dev.com

Fido Alliance Cert - The FIDO Alliance certificate used when downloading attestations

Fido URL - The FIDO service URL

https://fido.dev1.veridium-dev.com

FIDO Origin

https://dev1.veridium-dev.com

Session Timeout

Time, in seconds, after which a session times out

60

Authentication Max Retries

Maximum number of authentication retries, after which the account is locked by setting its status to REACTIVATE_DEVICE

1

Max Resend Code

Maximum number of validation code resend operations

3

Sms Max Attempts

Maximum number of attempts for SMS authentication, after which the session is marked FAILED

3

Enabled User Enumeration Protection

Flag to enable user enumeration protection. This will make the error message more generic.

Turned on

Client IP Location

This section allows for header settings to be taken into account for user access.

Identity Token Validity

Time, in seconds, after which an identity token expires

36000

Otp Tolerance Interval

Number of checks up if One-Time Password is invalid

50

Server License Key

Server license key used to double sign master license + device fingerprint

DOJdjHoqFc4Z2ijQW33V13wu7OJyyiwtC4WtEwTHvZ2t3IGbarob0DbRWPlXFsqXRZgEFaefqDcQX5aYVPZn6Yw==

Data Protection

Keystore Password

Master Key password

Master Key Alias

data-protection-generate

Keystore

Enabled - Enable data encryption

Switched on

Key Protection - The place where the master key is stored

JCEKS

Encoded Secret - Encoded secret used

7pzjVeV/sAcOei4WS+yZ+UVMx/

Device Limitation Per Profile

Max Devices Per Profile Key* - Total number of devices allowed on profile

-1

Max Mobile Phones Per Profile Key* - Total number of mobile phones allowed on profile

-1

Max Fido Key Per Profile Key* - Total fido keys allowed on profile

-1

Max Otp Devices* - Total otp authentication devices allowed on profile

-1

Ad Password Self Manage

Ad Password Self Reset - Flag indicating whether users can reset their AD password. This can be used when the user no longer knows the password or the password has expired.

Turned off

Ad Password Self Renewal - Flag indicating whether users can renew their AD password. This can be used when the user knows the password, the password has not expired, and the user wants to change it.

Turned off

Accept Expired Password - Ignores expired passwords when the LDAP Password authenticator is used. In the case of the Windows Credential Provider, password renewal is mandatory to complete the logon session.

Turned off

Create Profile When Authenticated Externally

When authentication is performed by an external system (e.g. SPNEGO, External PIN, LDAP Password), that is, where enrollment and validation are done outside of Veridium and Veridium only audits the authentication results, an identity is created by default for auditing purposes.

Turned off

Notifications Enabled

Enable notifications passed through Kafka

Turned on

Push Auth Disabled

Flag that disables the push auth method on demand

Turned off

Disable Val1 And Val2

Flag to disable Val1 and Val2 check

Turned off

Alerts

Deactivation URL - Deactivation link

https://deactivation.url.com

Mail Template High - Mail template for high severity alert

some mail template high content

Mail Template Low - Mail template for low severity alert

some mail template low content

Mail Template Reactivation - Reactivation email template (due to x failed authentications)

some mail template reactivation content

Reactivation URL - Reactivation link after device deactivation

https://reactivation.url.com

DMZ

DMZ URL * - Dmz URL

https://dev1.com/dmzwebsec/

Websec URL * - Websec connection URL

https://dev1.com/websec/

Licence Quota Alerting

Account Limit Quota* - Threshold percentage before the number of accounts exceeds the licence quota limit

10

Device Limit Quota* - Threshold percentage before the number of devices exceeds the licence quota limit

10

Lost Mode Scheduler

Scheduler Enabled - Toggle that enables the automatic scan of lost mode codes and removes expired ones

Turned off

Scheduler Frequency - Cron based setting that schedules periodic scans to discover expired lost mode codes.
Format * * * * * * (second minute hour dayOfMonth month dayOfWeek).

0 0 0 1 * *
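
The Scheduler Frequency format has six fields with a leading seconds field, so a five-field crontab expression pasted into it is either rejected or shifted by one field. The following is an added example, not code from the product or its documentation, that validates an expression in the page's field order and lists its next run times. It assumes that day of week uses 0 or 7 for Sunday and that the date fields are combined with AND, since the page does not specify either.

```python
from datetime import datetime, timedelta

# Field order from the page: second minute hour dayOfMonth month dayOfWeek
FIELDS = [("second", 0, 59), ("minute", 0, 59), ("hour", 0, 23),
          ("dayOfMonth", 1, 31), ("month", 1, 12), ("dayOfWeek", 0, 7)]

def parse_field(text, lo, hi):
    """Expand '*', 'a', 'a-b', lists 'a,b' and steps '*/n' into a set."""
    values = set()
    for part in text.split(","):
        rng, _, step = part.partition("/")
        step = int(step) if step else 1
        if rng == "*":
            start, end = lo, hi
        else:
            start, _, end = rng.partition("-")
            start, end = int(start), int(end or start)
        if not (lo <= start <= end <= hi) or step < 1:
            raise ValueError(f"{text!r} is outside {lo}-{hi}")
        values.update(range(start, end + 1, step))
    return values

def parse(expr):
    parts = expr.split()
    if len(parts) != 6:  # a classic 5-field crontab line has no seconds field
        raise ValueError(f"expected 6 fields, got {len(parts)}")
    s = {n: parse_field(p, lo, hi) for p, (n, lo, hi) in zip(parts, FIELDS)}
    s["dayOfWeek"] = {d % 7 for d in s["dayOfWeek"]}  # assumption: 0 and 7 = Sunday
    return s

def next_runs(expr, after, count=3):
    s, runs = parse(expr), []
    t = after.replace(microsecond=0) + timedelta(seconds=1)
    while len(runs) < count:
        if t.year > after.year + 8:
            raise ValueError("expression never fires")
        dow = (t.weekday() + 1) % 7  # Python: Monday=0; here Sunday=0
        if (t.month not in s["month"] or t.day not in s["dayOfMonth"]
                or dow not in s["dayOfWeek"]):  # assumption: date fields are ANDed
            t = (t + timedelta(days=1)).replace(hour=0, minute=0, second=0)
        elif t.hour not in s["hour"]:
            t = (t + timedelta(hours=1)).replace(minute=0, second=0)
        elif t.minute not in s["minute"]:
            t = (t + timedelta(minutes=1)).replace(second=0)
        else:
            if t.second in s["second"]:
                runs.append(t)
            t += timedelta(seconds=1)
    return runs
```

For the default `0 0 0 1 * *`, `next_runs` returns midnight on the first day of each following month, while `0 0 1 * * *` (a five-field expression padded with a leading zero) runs at 01:00:00 every day.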
