General
Name | Basic Description | Default value |
---|---|---|
App Name Identifier | Server identifier; used when generating client certificates and for metrics management | |
Business Adaptor Dir | Path to the business adaptors directory | /opt/veridiumid/tomcat/adaptors |
Enrollment Timeout | Seconds within which a complete enrollment must be fulfilled | 301 |
Enable Generic Integration | | Turned on |
Device Recognition | Apply heuristics to detect returning devices. | Turned off |
Replace Device When One Device Per Account | If only one device is allowed per account, an enrollment attempted for a new device automatically removes the existing device. | Turned off |
Allowed Phone Manufacturers | Restrict Veridium system usage to the listed phone manufacturers | |
OPA | Port - Port where OPA accepts connections. | 8181 |
OPA | Host - Address of the OPA server. | 127.0.0.1 |
OPA | Protocol - Protocol used to connect to OPA. | HTTP |
FIDO settings | Fido Origin - The origin used by the VID server when proxying requests to FIDO | |
FIDO settings | Fido Alliance Cert - The FIDO Alliance certificate used to download attestations | |
FIDO settings | Fido URL - The FIDO service URL | |
FIDO settings | FIDO Origin | |
Session Timeout | Seconds after which a session times out | 60 |
Authentication Max Retries | Maximum number of authentication retries, after which the account is locked by setting its status to REACTIVATE_DEVICE | 1 |
Max Resend Code | Maximum number of validation code resend operations | 3 |
Sms Max Attempts | Maximum number of attempts for SMS authentication, after which the session is marked FAILED | 3 |
Enabled User Enumeration Protection | Flag to enable user enumeration protection. This makes the error message more generic. | Turned on |
Client IP Location | This section allows header settings to be taken into account for user access. | |
Identity Token Validity | Seconds after which an identity token expires | 36000 |
Otp Tolerance Interval | Number of additional checks performed before a One-Time Password is rejected as invalid | 50 |
Server License Key | Server license key used to double sign the master license + device fingerprint | DOJdjHoqFc4Z2ijQW33V13wu7OJyyiwtC4WtEwTHvZ2t3IGbarob0DbRWPlXFsqXRZgEFaefqDcQX5aYVPZn6Yw== |
Data Protection | Keystore Password | |
Data Protection | Master Key Password | |
Data Protection | Master Key Alias | data-protection-generate |
Data Protection | Keystore | |
Data Protection | Enabled - Enable data encryption | Switched on |
Data Protection | Key Protection - The place where the master key is stored | JCEKS |
Data Protection | Encoded Secret - Encoded secret used | 7pzjVeV/sAcOei4WS+yZ+UVMx/ |
Device Limitation Per Profile | Max Devices Per Profile Key* - Total number of devices allowed on a profile | -1 |
Device Limitation Per Profile | Max Mobile Phones Per Profile Key* - Total number of mobile phones allowed on a profile | -1 |
Device Limitation Per Profile | Max Fido Key Per Profile Key* - Total FIDO keys allowed on a profile | -1 |
Device Limitation Per Profile | Max Otp Devices* - Total OTP authentication devices allowed on a profile | -1 |
Ad Password Self Manage | Ad Password Self Reset - Flag indicating whether the user can reset their AD password. Used when the user no longer knows their password or the password has expired | Turned off |
Ad Password Self Manage | Ad Password Self Renewal - Flag indicating whether the user can renew their AD password. Used when the user knows their password, the password has not expired and they want to change it | Turned off |
Ad Password Self Manage | Accept Expired Password - Ignores expired passwords when the LDAP Password authenticator is used. With the Windows Credential Provider, password renewal is mandatory to complete the logon session. | Turned off |
Create Profile When Authenticated Externally | When authentication is performed by an external system (e.g. SPNEGO, External PIN, LDAP Password), i.e. where enrollment and validation happen outside Veridium and Veridium only audits the authentication results, an identity is created by default for auditing purposes. | Turned off |
Notifications Enabled | Enable notifications passed through Kafka | Turned on |
Push Auth Disabled | Flag that disables the push authentication method on demand | Turned off |
Disable Val1 And Val2 | Flag to disable the Val1 and Val2 check | Turned off |
Alerts | Deactivation URL - Deactivation link | |
Alerts | Mail Template High - Mail template for high severity alerts | some mail template high content |
Alerts | Mail Template Low - Mail template for low severity alerts | some mail template low content |
Alerts | Mail Template Reactivation - Reactivation email template (due to x failed authentications) | some mail template reactivation |
Alerts | Reactivation URL - Reactivation link after device deactivation | |
DMZ | DMZ URL* - DMZ URL | |
DMZ | Websec URL* - Websec connection URL | |
Licence Quota Alerting | Account Limit Quota* - Threshold percentage before the number of accounts exceeds the licence quota limit | 10 |
Licence Quota Alerting | Device Limit Quota* - Threshold percentage before the number of devices exceeds the licence quota limit | 10 |
Lost Mode Scheduler | Scheduler Enabled - Toggle that enables the automatic scan of lost mode codes and removes expired ones | Turned off |
Lost Mode Scheduler | Scheduler Frequency - Cron-based setting that schedules periodic scans to discover expired lost mode codes. | 0 0 0 1 * * |
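The Otp Tolerance Interval row only says how many extra checks happen before an OTP is rejected. As an added illustration that is not part of this page or of Veridium's code, the block below implements RFC 6238 time-based OTP validation with a symmetric tolerance window and shows how the number of simultaneously accepted codes grows with that window; it assumes 30-second steps, HMAC-SHA1 and that the tolerance counts time steps on each side of the current one, none of which the page states, and all function names are mine.

```python
import hashlib
import hmac
import struct
from typing import Optional

# RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation.
def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

# RFC 6238 TOTP: the counter is the number of whole time steps since the epoch.
def totp(secret: bytes, at_time: int, step: int = 30, digits: int = 6) -> str:
    return hotp(secret, int(at_time) // step, digits)

def verify_totp(secret: bytes, code: str, at_time: int, tolerance: int,
                step: int = 30, digits: int = 6) -> Optional[int]:
    """Accept `code` if it matches the current step or any step within
    +/- `tolerance` steps; return the matching offset in steps, or None.
    Every candidate is compared with a constant-time check."""
    base = int(at_time) // step
    for delta in range(-tolerance, tolerance + 1):
        counter = base + delta
        if counter < 0:  # a negative counter cannot be packed as an unsigned int
            continue
        if hmac.compare_digest(hotp(secret, counter, digits), code):
            return delta
    return None

def acceptance_window_seconds(tolerance: int, step: int = 30) -> int:
    """Wall-clock span during which one code stays valid; it also equals the
    number of distinct codes accepted at any instant (2*tolerance+1) times the step."""
    return (2 * tolerance + 1) * step

if __name__ == "__main__":
    # Constructed demo using the RFC 6238 test secret and 8-digit codes.
    secret = b"12345678901234567890"
    t = 1111111109
    code = totp(secret, t, digits=8)
    # A code minted 90 s earlier is still accepted with tolerance 5 (offset -3).
    print(code, verify_totp(secret, code, t + 90, tolerance=5, digits=8))
    print(acceptance_window_seconds(1), acceptance_window_seconds(50))
```

Under these assumptions a tolerance of 50 steps leaves 101 codes valid at once for 3030 seconds, which is why the tolerance on a deployed verifier is normally kept to one or two steps.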