Authentication Records
Once authentication policies have been configured, authentication records can be created for individual users. An authentication record is specific to a user. The authentication record keeps track of statistics, such as the number of failed authentications. Each authentication record has a status that can be set to be enabled or disabled. Users can have many authentication records, provided that each has a unique authentication policy.
Login authentication records consist of a single username/password combination. Previous password history is also associated with the Login authentication record.
Authentication records of the Security Questions class reference a specific set of user responses.
Device authentication records can be associated with one or more devices that are assigned to the user.
Changing the status of a user’s authentication record makes the authentication record available or unavailable for authentication.
Authentication records can be used for primary authentication of a user, or for secondary authentication of a user who has already been authenticated.
You can configure ActivID AS for tiered authentication to support increasing levels of security and more complex security policies. Tiered authentication involves the use of more than one authentication method to enable a user to access data and carry out particular actions.
Authentication Record Channel Status
Each authentication record is an instance of an authentication policy. An authentication policy is valid over one or more channels. When it is created, an authentication record is linked to an authentication policy and is, by default, valid for the channel(s) over which the authentication policy is valid.
For example, when an authentication record is linked to an authentication policy that is valid for authentication over the Internet, IVR, and through a call center, the authentication record is valid only over the Internet, IVR, and through a call center.
The status of an individual channel can be changed to place a block on, or to remove a block from, that individual channel for an authentication record. For example, to make an authentication record valid for use over the Internet and for authentication through a call center (but not for authentication through IVR), you can place a block on the IVR channel.
Two functions are available for changing the channel status: “Modify primary channel blocks” and “Modify secondary channel blocks.” An authentication can be prevented by placing either a primary or a secondary channel block.
Reserve one of the functions for changes to the channel status of a user’s authentication record made at the request of the user, and reserve the other function for changes to the channel status of a user’s authentication record made for reasons internal to an organization, such as the temporary suspension of a particular channel.
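The following sketch models the channel rules described above. It is an added illustration, not ActivID AS code or its API. All class, method and field names are hypothetical, and which block type is reserved for user requests is an assumption made only for the sample data.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class AuthPolicy:
    name: str
    channels: frozenset  # channels over which the policy is valid

@dataclass
class AuthRecord:
    user: str
    policy: AuthPolicy
    enabled: bool = True  # record status: enabled or disabled
    primary_blocks: set = field(default_factory=set)
    secondary_blocks: set = field(default_factory=set)

    def set_block(self, kind, channel, blocked):
        """Place (blocked=True) or remove a primary/secondary block on one channel."""
        if kind not in ("primary", "secondary"):
            raise ValueError(f"unknown block kind: {kind}")
        if channel not in self.policy.channels:
            raise ValueError(f"{channel} is not a channel of policy {self.policy.name}")
        blocks = self.primary_blocks if kind == "primary" else self.secondary_blocks
        if blocked:
            blocks.add(channel)
        else:
            blocks.discard(channel)

    def usable_on(self, channel):
        """Return (allowed, reason) for an authentication attempt on a channel."""
        if not self.enabled:
            return (False, "record disabled")
        if channel not in self.policy.channels:
            return (False, "channel not valid for policy")
        if channel in self.primary_blocks:
            return (False, "primary channel block")
        if channel in self.secondary_blocks:
            return (False, "secondary channel block")
        return (True, "ok")

def demo():
    # Constructed sample data; policy name and user are placeholders.
    policy = AuthPolicy("LOGIN", frozenset({"Internet", "IVR", "Call center"}))
    rec = AuthRecord("alice", policy)
    rec.set_block("primary", "IVR", True)     # assumed: block requested by the user
    rec.set_block("secondary", "IVR", True)   # assumed: organization suspends IVR
    rec.set_block("secondary", "IVR", False)  # suspension lifted; user block remains
    return {ch: rec.usable_on(ch) for ch in ("Internet", "IVR", "Call center", "Mobile")}

if __name__ == "__main__":
    print(demo())
```

Because the two block sets are independent, lifting the organization's suspension does not silently re-enable a channel the user asked to have blocked.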