Configuration Views
ActivID Appliance configuration data is available as a set Oracle views.
External System Configuration
LDAP Repositories
Table name - LDAPREPOSITORIES_VIEW
| Name | Data type(Max length) | Description |
|---|---|---|
|
LDAPDSCODE |
Char(20) |
Unique ID |
|
LDAPDSNAME |
Char(100) |
User repository name ( label) |
|
LDAPADAPTERCODE |
Char(20) |
MS Active Directory or Oracle Directory Server or Novell eDirectory |
|
DIRSERVER |
Char(100) |
LDAP host |
|
BKUPSERVER |
Char(100) |
LDAP backup Host |
|
DIRPORT |
Char(5) |
LDAP Host port |
|
BKUPPORT |
Char(5) |
LDAP backup port |
|
DIRSERVERSECURE |
Char(5) |
True/false |
|
BKUPSERVERSECURE |
Char(5) |
True/false |
|
TIMEOUT |
Char(20) |
Connection timeout |
|
BASEDN |
Char(200) |
LDAP Base node |
|
USERNAME |
Char(255) |
Login user DN |
|
USERCLASS |
Char(50) |
Example: Person |
|
GROUPMBRATT |
Char(50) |
The group object class used to determine if an entry is a group |
|
EXTREFATTNAME |
Char(50) |
Example: sAMAccountName |
|
GRPMEMBRATTNAME |
Char(50) |
Example: memberof |
|
USERSTATUSATTNAME |
Char(50) |
Name of the LDAP attribute checked at authentication for user account status |
|
USERFILTER |
Char(50) |
LDAP user filter |
|
GUIDATTNAME |
Char(50) |
Example: objectguid |
|
CACERTIFICATEALIAS |
Char(50) |
LDAPS cert alias |
|
ATTRIBUTES |
Char(variable up to 4000) |
List of couples (ActivID attribute name, LDAP attribute name). Example: (E-Mail Address, mail),(First Name,sAMAccountName), (Last Name, name) |
|
REFSTRATEGY |
Char(10) |
Follow all referrals vs Follow only listed referrals |
|
REFERRALS |
Char(variable up to 4000) |
List of referrals servers ( Host, Port) |
|
GROUPMAPPING |
Char(variable up to 4000) |
List of (Group Name, Group Type, Base DN) where Group Type is User Type or Admin Group |
|
ROLEMAPPING |
Char(variable up to 4000) |
Role Binding: List of (Role name, Attribute) |
Delivery Gateways
Table name - DELIVERYGW_VIEW
| Name | Data type (Max length) | Description |
|---|---|---|
|
ID |
Num(28) |
Unique ID |
|
NAME |
Char(50) |
Delivery Gateway name. For example, “corp mail server” |
|
DESCRIPTION |
Char(100) |
Example “Email delivery” |
|
PROVIDER |
Char(20) |
Delivery provider name:
|
|
PROVIDERPARAMS |
Char(variable up to 4000) |
Provider parameters. Array of param=value, comma separated |
RADIUS Configuration
Table name - RADIUSCFG_VIEW
| Name | Data type (Max length) | Description |
|---|---|---|
|
REALM |
Char(100) |
Realm Proxy policy: Realm, Strip username/do not strip username, Forward server (that is, External RADIUS Server Host) |
|
HOST |
Char(100) |
External RADIUS server Host name or IP |
|
PORT |
Char(100) |
External RADIUS server port |
|
LASTMODIFIEDDATE |
Date |
Last update of this configuration |
|
STRIPREALMFLAG |
Username policy |
TRUE = Strip Realm name from username FALSE = Do not Strip Realm name from username |
Threat Detection (RMS) Configuration
Table name - TMCONFIG_VIEW
| Name | Data type (Max length) | Description |
|---|---|---|
|
URL |
Char(256) |
HID RMS server URL |
|
TIMEOUT |
Char(10) |
HID RMS connection time out |
|
CNAME |
Char(50) |
|
|
API_USER |
Char(variable up to 4000) |
|
|
TM_CHANNEL_ID |
Char(variable up to 4000) |
Channel ID used for requests |
|
TM_GDPR_DATA_CONSENT |
Char(variable up to 4000) |
Your organization’s General Data Protection Regulation (GDPR) policy regarding data privacy and user consent (for example, via terms and conditions or consent capture). It is defined at the server level and applies to all users. Can be True or False. |
|
THRESHOLD_REJECT |
Char(variable up to 4000) |
Global Reject threshold |
|
THRESHOLD_BLOCK |
Char(variable up to 4000) |
Global Block threshold |
|
THRESHOLD_REJECT_STEP_UP |
Char(variable up to 4000) |
Global Reject threshold for step-up authentication |
|
THRESHOLD_BLOCK_STEP_UP |
Char(variable up to 4000) |
Global Block threshold for step-up authentication |
|
CONFIG_LIST |
Char(variable up to 4000) |
Step-up configuration |
|
THRESHOLD_D_REJECT |
Char(variable up to 4000) |
Reject threshold specific for device risk score (if configured) |
|
THRESHOLD_D_BLOCK |
Char(variable up to 4000) |
Block threshold specific for device risk score (if configured) |
|
THRESHOLD_D_REJECT_STEP_UP |
Char(variable up to 4000) |
Reject threshold specific for device risk score for step-up authentication (if configured) |
|
THRESHOLD_D_BLOCK_STEP_UP |
Char(variable up to 4000) |
Block threshold specific for device risk score for step-up authentication (if configured) |
|
THRESHOLD_U_REJECT |
Char(variable up to 4000) |
Reject threshold specific for user risk score (if configured) |
|
THRESHOLD_U_BLOCK |
Char(variable up to 4000) |
Block threshold specific for user risk score (if configured) |
|
THRESHOLD_U_REJECT_STEP_UP |
Char(variable up to 4000) |
Reject threshold specific for user risk score for step-up authentication (if configured) |
|
THRESHOLD_U_BLOCK_STEP_UP |
Char(variable up to 4000) |
Block threshold specific for user risk score for step-up authentication (if configured) |
|
THRESHOLD_S_REJECT |
Char(variable up to 4000) |
Reject threshold specific for session risk score (if configured) |
|
THRESHOLD_S_BLOCK |
Char(variable up to 4000) |
Block threshold specific for session risk score (if configured) |
|
THRESHOLD_S_REJECT_STEP_UP |
Char(variable up to 4000) |
Reject threshold specific for session risk score for step-up authentication (if configured) |
|
THRESHOLD_S_BLOCK_STEP_UP |
Char(variable up to 4000) |
Block threshold specific for session risk score for step-up authentication (if configured) |
|
THRESHOLD_A_REJECT |
Char(variable up to 4000) |
Reject threshold specific for action risk score (if configured) |
|
THRESHOLD_A_BLOCK |
Char(variable up to 4000) |
Block threshold specific for action risk score (if configured) |
|
THRESHOLD_A_REJECT_STEP_UP |
Char(variable up to 4000) |
Reject threshold specific for action risk score for step-up authentication (if configured) |
|
THRESHOLD_A_BLOCK_STEP_UP |
Char(variable up to 4000) |
Block threshold specific for action risk score for step-up authentication (if configured) |
Policies and System Configuration
Authentication Policies
Table name - AUTHPOLICIES_VIEW
| Name | Data type (Max length) | Description |
|---|---|---|
|
AUTHENTICATIONTYPECODE |
Char(10) |
Authentication policy code Unique ID |
|
NAME |
Char(50) |
Authentication Policy Name |
|
DELIVERYGATEWAYS |
Char(variable up to 4000) |
Linked OOB delivery gateways. List of delivery gateway for this authentication, ordered and separated by ‘|’ |
|
ATNOTES |
Char(100) |
Authentication policy description |
|
BASEAUTHENTICATIONTYPECODE |
Char(10) |
Base authenticator required |
|
DIRECTAUTHENTICATIONTYPECODE |
Char(10) |
The ID of the Authentication policy of a direct user |
|
AUTHENTICATIONCLASSCODE |
Char(10) |
DEVICE/SQ/LOGIN |
|
DEFAULTEXPIRYTHRESHOLD |
Num(28) |
Number that is used when an authenticator of this type is created. The expiry threshold is the number of times an authenticator can be used successfully |
|
DISABLETHRESHOLD |
Num(28) |
The disable threshold is the number of times a user can in succession fail to authenticate before the authenticator is disabled |
|
DEFAULTMDGROUPID |
Num(28) |
The ID of the default Memorable data group associated to the authentication type |
|
NUMBEROFSEEDS |
Num(28) |
Number of seeds required for seeded authentication |
|
USERNAMECONSTRAINTS |
Char(1000) |
Constraints on the characters/length etc of usernames of users that use this authentication type |
|
PASSWORDCONSTRAINTS |
Char(1000) |
In case of class login authentication policy. List of enabled constraints among the following :
|
|
DEFAULTVALIDDAYSADD |
Num(28) |
This property holds the number of days an authenticator of this type is valid in case of creation |
|
DEFAULTVALIDDAYSEDIT |
Num(28) |
This property holds the number of days an authenticator of this type is valid in case a password is changed. |
|
SESSIONTIMEOUT |
Num(28) |
Session timeout default |
|
SESSIONVALIDPERIOD |
Num(28) |
Session valid period |
|
FAILUREDISPLAY |
Char(10) |
To display the failure messages or not |
|
ALLOWEXPIREDRESET |
Num(28) |
The number of times an expired authenticator can request reset |
|
AUTHENTICATIONADAPTERCODE |
Char(20) |
The ID of the adapter used for authentication |
|
AUTHENTICATORMANAGERADAPTRCODE |
Char(20) |
The code of the manager adapter |
|
CHALLENGEHANDLING |
Char(2) |
The allowed challenge types |
|
PINMAILERFORMATCODE |
Char(2) |
The format for PIN reset |
|
CHALLENGEDISABLETHRESHOLD |
Num(28) |
The number of times a challenge can be requested without authentication |
|
CHALLENGETIMEOUTPERIOD |
Num(28) |
The validity period of a challenge issued for this authentication type |
|
SUPPORTSONLYINDIRECT |
Num(28) |
An indication of whether this Authentication type only supports indirect authentication |
|
ALLOWEDCHANNELS |
Char(variable up to 4000) |
List of enabled channels |
|
ALLOWEDCREDENTIALS |
Char(variable up to 4000) |
List of compatible credential types |
|
ADVANCEDPARAMS |
Char(variable up to 4000) |
Authentication Adapter parameter: Param=Value array separated by ‘|. Mainly “Level of Assurance service name” and “Disabled time reset (s)” parameters. |
Device Types
Table name - DEVICETYPES_VIEW
| Name | Data type (Max length) | Description |
|---|---|---|
|
CODE |
Char(10) |
Device type code unique ID |
|
NAME |
Char(50) |
Device type Name |
|
DESCRIPTION |
Char(500) |
Device type description |
|
MANUFACTURER |
Char(50) |
Device manufacturer |
|
SUPPORTEDAUTHMETHOD |
Char(2) |
Supported authentication methods: Synch, asynch , both |
|
SUPPORTSUNLOCK |
Char(1) |
Device unlock: a Boolean to indicate whether the device has a lock/unlock function |
|
SUPPORTEDSYNCMETHOD |
Char(2) |
Types of resynchronization of devices manual or automatic or both (BO=Both, AU=Automatic, MA=Manual,NO=Not supported) |
|
SUPPORTSPIN |
Char(1) |
Indicates that devices of this type use a soft pin. E.g. a PIN that is not generated by the device but must be concatenated with the OTP to authenticate |
|
SUPPORTSSIGN |
Char(1) |
Supports transaction data signing |
|
SYNCBASE |
Char(2) |
Type of device, none/clock/event/both |
|
SYNCAUTHCODELENGTH |
Num(28) |
The length of the synchronous OTP the device will generate |
|
ASYNCAUTHCODELENGTH |
Num(28) |
The length of the asynchronous OTP the device will generate |
|
CHALLENGELENGTH |
Num(28) |
The length of the challenge that the device will issue |
|
UNLOCKCHALLENGELENGTH |
Num(28) |
The length of an unlock challenge |
|
AUTOSYNCEVENTCOUNTEROFFSET |
Num(28) |
Synch Counter range: the default offset to use when autosynchronising the device via the event counter |
|
AUTOSYNCSTARTTIMEOFFSETSECS |
Num(28) |
Synch Time offset start |
|
AUTOSYNCENDTIMEOFFSETSECS |
Num(28) |
Synch Time offset stop |
|
PINMINLENGTH |
Char(2) |
Minimum length of soft pin |
|
PINMAXLENGTH |
Char(2) |
Maximum length of soft pin |
|
PINPOSITION |
Char(1) |
Whether the soft PIN should be prepended or appended (or either) to the OTP |
|
DEFAULTSOFTPIN |
Char(16) |
Default soft pin to be set on device import |
|
DEFAULTCREDTYPECODE |
Char(50) |
Default credential type when importing devices |
|
AUTHSDKDEVTYPE |
Num(4) |
Integer that represents the device type according to the AuthSDK |
|
DEVICEADAPTER |
Char(20) |
Defines the adapter class to be used to handle this device type |
|
ADAPTERPARAMS |
Char(variable up to 4000) |
Parameters used o initialize the device adapter. Param=Value array separated by ‘|’ |
Credential Types
Table name - CREDENTIALTYPES
| Name | Data type (Max length) | Description |
|---|---|---|
|
CREDENTIALTYPECODE |
Char(50) |
Credential type unique ID |
|
CREDENTIALADAPTER |
Char(50) |
Identifies credential adapter for implementing the behaviors |
|
NAME |
Char(50) |
Credential type name |
|
DESCRIPTION |
Char(500) |
Credential type description |
|
LASTMODIFIEDDATE |
Date |
The date the credential type was last modified |
|
ADDEDDATE |
Date |
The date the credential type was created |
|
STARTDATE |
Date |
The beginning of the validity period for the credential type |
|
EXPIRYDATE |
Date |
The expiry date of the credential type |
|
STATUS |
Char(20) |
Credential status. |
|
CREDENTIALFIELDTYPE |
Char(50) |
Name of the credential attribute |
|
SEARCHFIELD1TYPE |
Char(50) |
Name of the attribute matching this field |
|
SEARCHFIELD2TYPE |
Char(50) |
Name of the attribute matching this field |
|
SEARCHFIELD3TYPE |
Char(50) |
Name of the attribute matching this field |
|
SEARCHFIELD4TYPE |
Char(50) |
Name of the attribute matching this field |
|
DATAFIELD1TYPE |
Char(50) |
Name of the attribute matching this field |
|
DATAFIELD2TYPE |
Char(50) |
Name of the attribute matching this field |
|
DATAFIELD3TYPE |
Char(50) |
Name of the attribute matching this field |
|
DATAFIELD4TYPE |
Char(50) |
Name of the attribute matching this field |
|
ADAPTERPARAMS |
Char(variable up to 4000) |
List of (parameter, value ) pairs |
Adapters Configuration
Table name - ADAPTERSCONFIG_VIEW
(Includes default adapters configuration for SAML configuration / delivery GW)
| Name | Data type (Max length) | Description |
|---|---|---|
|
ID |
Num(28) |
Adapter Configuration Unique ID |
|
NAME |
Char(50) |
Configuration name |
|
DESCRIPTION |
Char(100) |
Description of this configuration |
|
ADAPTERCODE |
Char(20) |
Adapter provider |
|
ADAPTERTYPE |
Char(20) |
OOB = Delivery adapters configuration PROCS = Authentication process adapter (mainly SAML) |
|
ADAPTERPARAMS |
Char(variable up to 4000) |
List of (parameter, value ) pairs |
Channels
Table name - CHANNELS
| Name | Data type (Max length) | Description |
|---|---|---|
|
CHANNELCODE |
Char(50) |
Unique channel identifier |
|
NAME |
Char(50) |
Channel Name Example: “Business Banking Portal” |
|
DESCRIPTION |
Char(100) |
Channel description |
|
TYPE |
Num(2) |
Type of channel: 0= Generic / 1 = RADIUS / 2 = SAML service provider |
|
LASTMODIFIEDDATE |
Date |
The date the channel was last modified |
|
GATE_ADDRESSES |
Char(variable up to 100) |
For RADIUS channels, list of Authorized IP addresses or host names. Separated by ‘;’. |
|
USER_TYPE |
Num(2) |
User or device centric authentication identifier |
|
USER_STRIPNTDOMAIN |
Char(1) |
A Boolean to determine if the IP domain should be stripped for a user’s username |
|
USER_STRIPIPDOMAIN |
Char(1) |
A Boolean to determine if the MS Windows domain should be stripped for a user’s username |
|
USER_PREFIX |
Char(50) |
A default prefix to be added to a user’s username when authenticating over this channel |
|
USER_SUFFIX |
Char(50) |
A default Suffix to be added to a user’s username when authenticating over this channel |
|
CHALLENGEPROMPT |
Char(50) |
The text that will be sent when a challenge is issued over the channel |
|
CHALLENGEKEYWORD |
Char(50) |
The RADIUS keyword to request a challenge |
|
CHALLENGERESPONSEPROMPT |
Char(50) |
The text that will prompt the user to send the response to the challenge issued over this channel |
|
FB_AUTHNTYPECODE |
Char(10) |
The authentication type to use for ‘fallback’ LDAP authentication |
|
AUTHN_FAILUREPOLICYCODE |
Char(10) |
The failure policy to use for accounting |
|
ACCT_FAILUREPOLICYCODE |
Char(10) |
The failure policy to use for authentication |
|
AUTHPOLICIES |
Char(variable up to 4000) |
List of authentication policies allowed on this channel |
|
AUTHZPROFILES |
Char(variable up to 4000) |
Authorization rules for this channel. List of authorization profiles configuration separated by ‘|’ |
Authorization Profiles
Table name - AUTHZPROFILES_VIEW
| Name | Data type (Max length) | Description |
|---|---|---|
|
CODE |
Char(20) |
Unique ID |
|
NAME |
Char(50) |
profile Name |
|
PROFILENOTES |
Char(100) |
Description |
|
DICTCODE |
Char(25) |
Dictionary ID |
|
TYPE |
Num(28) |
0=check before profile 1=send after profile |
|
ATTRIBUTES |
Char(variable up to 4000) |
List of attributes separated by ‘|’. Each entry is: ATTNAME=ATTTYPE;ATTVALUE ATTTYPE is 0 for Static value, 1 for Dynamic value |
Assets
Table name - ASSETS_VIEW
| Name | Data type (Max length) | Description |
|---|---|---|
|
ASSETID |
Num(28) |
Unique identifier, set implicitly by ActivID Appliance |
|
ASSETCODE |
Char(20) |
External Unique identifier set & updated explicitly through the public API. |
|
NAME |
Char(50) |
Asset Name |
|
DESCRIPTION |
Char(100) |
Asset description |
|
ASSETGROUPCODE |
Char(20) |
The ID of the asset group to which this asset set belongs |
|
ASSETGROUPNAME |
Char(50) |
The Name of the asset group to which this asset set belongs |
|
ASSETSETS |
Char(variable up to 4000) |
List of AssetSet Codes this asset belong to (separated by ‘|’) Each list entry has the following format ASSETSETCODE=ASSETSET description |
Q&A Groups
Table name - MDGROUPS_VIEW
| Name | Data type (Max length) | Description |
|---|---|---|
|
MDGROUPID |
Num(28) |
Unique identifier, set implicitly by ActivID Appliance |
|
AUTHENTICATIONTYPECODE |
Char(20) |
Authentication policy code Unique ID. |
|
PROMPTSREQUIRED |
Char(50) |
Number of prompts required for authentication |
|
PROMPTSTODISPLAY |
Char(100) |
Number of prompts to display |
|
PROMPTSTOCREATE |
Char(20) |
Number of prompts required for a MD Authenticator creation |
|
CREATIONDATE |
Char(50) |
Date of creation of this group |
|
MDPROMPTS |
Char(variable up to 4000) |
List of MDprompt Codes this asset belong to (separated by ‘|’) Links to MDPROMPTS_VIEW.MDPROMPTCODE |
Security Questions
Table name - MDPROMPTS_VIEW
| Name | Data type (Max length) | Description |
|---|---|---|
|
MDPROMPTCODE |
Num(28) |
Unique identifier of this prompt |
|
MDPROMPT |
Char(20) |
Prompt to display |
|
MDPROMPTNAME |
Char(50) |
Prompt name |
|
CONSTRAINTS |
Char(100) |
Constraints for answers to this prompt |
