Device limitation per identity

By limiting the number of devices a user can enrol, the system can reduce it’s exposure to unauthorised acces and authenticator sharing among users. This can be achieved through Settings / General / Device Limitation Per Profile section.


image-20230530-104439.png


  • maxDevicesPerProfileKey → this limitation is for all authenticators of a profile

  • maxMobilePhonesPerProfileKey → this limitation is for mobile phones

  • maxFidoKeyPerProfileKey → this limitation is for fido keys

  • maxOtpDevice → this limitation include all otp generators like hardware devices (yubico otp, yubico oath and software devices (google authenticator, microsoft authenticator)

There is also a limitation for SMS but was redundant to specify in the config, because there is just 1 SMS per profile rule in the application. If you have a SMS enrolled and you want to enrol another sms, the old one will be overwritten