Before you assign a smart credential to users, review the smart credential authenticator settings and modify them as required. You can also change the settings after you assign smart credentials. Changes apply to all smart credentials assigned to users in your Identity as a Service account.
IMPORTANT! You must complete the prerequisites before you can create smart credentials. See Manage smart credentials.
Modify smart credential authenticator settings
1. Click > Policies > Authenticators. The Authenticators page appears.
2. Select Smart Credential. The Smart Credential settings appear.
3. Set PIN Prompt to either Session or Transaction. This setting defines how the smart credential application prompts the user for their PIN during authentication.
4. Select the Hardware Store setting to store generated keys in hardware as follows:
a. Select Required to store the generated keys in hardware storage. If you select Required, a StrongBox checkbox appears.
b. Select StrongBox to require that Android keys on the device are generated by StrongBox keymaster.
Note: The Required option does not support RSA keys on iOS. In addition, Secure Enclave (iOS hardware storage) only supports NIST Curve P-256.
- or -
a. Select Best Option to allow the device to find the most secure storage for the generated keys.
5. By default the Application Launch Scheme is set to igmobilesc. If you are using your own mobile smart credential app, enter the URL scheme used for the activation URL of your custom mobile application.
6. Set the Session Timeout (min) to the number of minutes a user has to respond to a smart credential authentication challenge. The session can be set to last between 1 and 2 minutes.
7. Select Allow Unsecure Device to allow the mobile smart credential application to operate on mobile devices with operating systems that have been unlocked to install software that is not approved by the manufacturer of the mobile device.
8. Select Allow Fingerprint Authentication to allow the mobile smart credential application to accept fingerprint authentication instead of a PIN.
Note: Device fingerprint authentication could allow the user to fall back to their device PIN. That PIN could be much shorter (4 digits) than the card PIN (8 digits). See Manage device fingerprint attributes for more information on device fingerprints.
9. Select Change PIN After Activation to force a user to change their Card PIN once they have activated their smart credential application on their Identity as a Service account. The option is selected (true) by default.
10. Select Allow the mobile application to accept facial recognition authentication instead of PIN to let the application accept facial recognition instead of a PIN.
11. Set Activation Password Length to the number of digits required for the mobile smart credential activation password.
12. Set Activation Lifetime (min) to the number of minutes a user has to activate their mobile smart credential.
13. Select the Allowed Smart Credentials Definitions from the drop-down list. You can select more than one. A smart credential definition is required to create a smart credential authenticator.
14. Click Save to confirm the changes.
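The notes in steps 4 to 9 can be checked against a planned configuration before you save it. The following is an added example, not part of Identity as a Service: the settings dictionary, its key names, and the key-type list are assumptions that mirror the labels on this page, and the sample values are constructed.

```python
def review_settings(s, key_types, platforms, device_pin_digits=4, card_pin_digits=8):
    """Return (severity, message) findings for proposed Smart Credential settings.

    s          -- dict keyed by hypothetical names for the fields on this page
    key_types  -- (algorithm, parameter) pairs used by the selected definitions
    platforms  -- set of mobile platforms in use, e.g. {"ios", "android"}
    """
    out = []
    required = s["hardware_store"] == "Required"
    # Step 4 note: Required has iOS key-type limits.
    if required and "ios" in platforms:
        for alg, param in key_types:
            if alg == "RSA":
                out.append(("error", f"RSA {param}: Required does not support RSA keys on iOS"))
            elif alg == "EC" and param != "P-256":
                out.append(("error", f"EC {param}: Secure Enclave only supports NIST Curve P-256"))
    # Step 4a/4b: the StrongBox checkbox only exists under Required.
    if s.get("strongbox") and not required:
        out.append(("error", "StrongBox is only offered when Hardware Store is Required"))
    if not required:
        out.append(("info", "Best Option: hardware key storage is not enforced"))
    # Step 6: allowed range stated on this page.
    if not 1 <= s["session_timeout_min"] <= 2:
        out.append(("error", "Session Timeout (min) must be between 1 and 2"))
    # Step 7: unlocked operating systems are accepted.
    if s["allow_unsecure_device"]:
        out.append(("warn", "app may run on devices unlocked to install unapproved software"))
    # Step 8 note: fallback to the device PIN shrinks the PIN space.
    if s["allow_fingerprint"] and device_pin_digits < card_pin_digits:
        ratio = 10 ** (card_pin_digits - device_pin_digits)
        out.append(("warn", f"fingerprint fallback to a {device_pin_digits}-digit device PIN "
                            f"has {ratio}x fewer combinations than the {card_pin_digits}-digit card PIN"))
    # Step 9: selected by default; clearing it removes the forced change.
    if not s["change_pin_after_activation"]:
        out.append(("warn", "users are not forced to change their Card PIN after activation"))
    return out

# Constructed sample input (not exported from a real account).
SAMPLE = {"hardware_store": "Required", "strongbox": True, "session_timeout_min": 2,
          "allow_unsecure_device": False, "allow_fingerprint": True,
          "change_pin_after_activation": True}
SAMPLE_KEYS = [("RSA", "2048"), ("EC", "P-384"), ("EC", "P-256")]

if __name__ == "__main__":
    for severity, message in review_settings(SAMPLE, SAMPLE_KEYS, {"ios", "android"}):
        print(f"[{severity}] {message}")
```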