Authentication Records

Once authentication policies have been configured, authentication records can be created for individual users. An authentication record is specific to a user. The authentication record keeps track of statistics, such as the number of failed authentications. Each authentication record has a status that can be set to enabled or disabled. Users can have many authentication records, provided that each has a unique authentication policy.

Login authentication records consist of a single username/password combination. Previous password history is also associated with the Login authentication record.

Authentication records of the Security Questions class reference a specific set of user responses.

Device authentication records can be associated with one or more devices that are assigned to the user.

Changing the status of a user’s authentication record makes the authentication record available or unavailable for authentication.

Authentication records can be used for primary authentication of a user, or for secondary authentication of a user who has already been authenticated.

You can configure ActivID Appliance for tiered authentication to support increasing levels of security and more complex security policies. Tiered authentication involves the use of more than one authentication method to enable a user to access data and carry out particular actions.

Authentication Record Channel Status

Each authentication record is an instance of an authentication policy. An authentication policy is valid over one or more channels. When it is created, an authentication record is linked to an authentication policy and is, by default, valid for the channel(s) over which the authentication policy is valid.

Note: The channel status of an authentication record defines whether or not the authentication record is valid over the particular channel.

For example, when an authentication record is linked to an authentication policy that is valid for authentication over the Internet, IVR, and through a call center, the authentication record is valid only over the Internet, IVR, and through a call center.

The status of an individual channel can be changed to place a block on, or to remove a block from, that individual channel for an authentication record. For example, to make an authentication record valid for use over the Internet and for authentication through a call center (but not for authentication through IVR), you can place a block on the IVR channel.

Two functions are available for changing the channel status: “Modify primary channel blocks” and “Modify secondary channel blocks.” An authentication can be prevented by placing either a primary or a secondary channel block.

Reserve one of the functions for changes to the channel status of a user’s authentication record made at the request of the user, and reserve the other function for changes to the channel status of a user’s authentication record made for reasons internal to an organization, such as the temporary suspension of a particular channel.
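The following added example is a conceptual model of the channel rules described above, not ActivID Appliance code or its API. The class, field and channel names are hypothetical, and the choice of primary blocks for user requests and secondary blocks for organizational suspensions is an assumption made for illustration. It shows why keeping the two block types separate matters: removing one block does not re-enable a channel while the other is still in place.

```python
from dataclasses import dataclass, field

@dataclass
class AuthRecord:
    """Hypothetical model of an authentication record and its channel status."""
    policy_channels: frozenset                  # channels the linked policy is valid over
    enabled: bool = True                        # record status (enabled/disabled)
    primary_blocks: set = field(default_factory=set)    # assumed: user-requested
    secondary_blocks: set = field(default_factory=set)  # assumed: organization-initiated

    def check(self, channel):
        """Return (allowed, reason) for an authentication attempt over `channel`."""
        if not self.enabled:
            return False, "record disabled"
        if channel not in self.policy_channels:
            return False, "channel not covered by policy"
        if channel in self.primary_blocks:
            return False, "primary channel block"
        if channel in self.secondary_blocks:
            return False, "secondary channel block"
        return True, "ok"

def demo():
    """Walk one record through block changes; sample channels are constructed."""
    rec = AuthRecord(frozenset({"Internet", "IVR", "CallCenter"}))
    out = {"default_ivr": rec.check("IVR")}

    rec.secondary_blocks.add("IVR")       # organization suspends IVR
    rec.primary_blocks.add("IVR")         # user also asks for IVR to be blocked
    out["both_blocks"] = rec.check("IVR")

    rec.primary_blocks.discard("IVR")     # user withdraws their request...
    out["user_lifted"] = rec.check("IVR")  # ...but the suspension still applies

    rec.secondary_blocks.discard("IVR")   # organization lifts the suspension
    out["all_lifted"] = rec.check("IVR")

    out["internet"] = rec.check("Internet")  # never blocked
    out["mobile"] = rec.check("Mobile")      # not in the policy at all
    return out

if __name__ == "__main__":
    for step, result in demo().items():
        print(f"{step:12} -> {result}")
```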

Note: When interfacing through the Public API, the calling system must first complete a direct-user authentication. All subsequent calls must include the ALSI. This removes the need for the calling system to re-authenticate each time it calls the Public API.