Modify Entrust Soft Token authenticator settings

Review the Entrust Soft Token authenticator settings, and edit them as required. Changes made to these settings apply to all assigned Entrust Soft Tokens in your account.

Modify an Entrust ST Authenticator

1.      Click > Policies > Authenticators. The Authenticators page appears.  

2.      Select Entrust Soft Token. The Entrust Soft Token settings page appears.

3.      Select the OTP Digit Length. This sets the number of digits in the OTP generated by the token.

4.      By default the Application Launch Scheme is set to igmobileotp. Change this value if you have a custom mobile application.

5.      Optional: Select PIN Required if you want users to enter a PIN.

6.      Set the Max. Time Steps to the amount of time (in 30 second intervals) that the token response is valid. The default is 10 (5 minutes).

7.      Set the Max. Reset Time Steps to the amount of time (in 30 second intervals) for a token reset. The default is 120 (60 minutes), which is the allowable time difference between the soft token and the server clocks.

Note: If the token reset does not work, try increasing the Max. Time Steps and then try to reset the token again. If the problem continues, contact the Entrust Support Team.

8.      Enter the Activation Password Length to set the number of characters that can be included in the password assigned to a user.

9.      Enter the Activation Lifetime to set the amount of time in seconds that a user has to activate their Entrust ST.

10.  Select Allow Unsecure Device to allow the Entrust ST to run on an unsecured device (such as custom ROM Androids or jail-broken iOS devices).

11.  Select Allow Device Biometrics Authentication to allow the mobile application to be unlocked using the device biometric authentication instead of the token PIN. If disabled, users must enter their PIN to unlock the device.

12.  Select the activation methods to include in the Entrust Soft Token Activation Email. You must select at least one option.

13.  Select Require Device Verification to require users to perform device verification when they activate their mobile soft token on the mobile soft token app. Device verification ensures that the user's device has a trusted device certificate.

14.  Select Require App Verification to require users to perform app verification when they activate their mobile soft token on the mobile soft token app. If you select this option, the following additional settings appear:

       Android Application Package Name

       IOS Application Bundle ID

       IOS Team ID

Note: You only need to change these values if your users use a custom mobile identity app. There is no need to change them for the Entrust Identity app. When App verification is enabled, an attestation from Apple or Google is provided that validates the mobile application performing the activation. This feature ensures token activation occurs only from trusted mobile applications.

15.  Select Enable Mutual Challenge to require users to respond to a mutual push authentication challenge. When enabled, users must match the challenge that appears on the IDaaS page with the mutual challenge shown in their Entrust Identity soft token app.

16.  Set the Mutual Challenge Length to the number of characters in the mutual challenge.

17.  Set the Mutual Challenge Alphabet to the characters that can appear in the challenge.

18.  Set the Mutual Challenge for Percent of Requests to set the percentage of challenges presented to a user that contain a mutual challenge.

19.  Click Save to confirm changes.
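
How OTP Digit Length (step 3) and Max. Time Steps (step 6) trade usability against guess resistance, as an added example that is not Entrust code. It assumes the token behaves like a standard RFC 6238 TOTP with 30-second steps and that the server accepts a code for Max. Time Steps steps after it was generated; the function names are hypothetical and the key is the public RFC 6238 test key.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # the "30 second intervals" used by Max. Time Steps


def totp(secret: bytes, step: int, digits: int) -> str:
    """RFC 4226/6238 code for one time step (HMAC-SHA1, dynamic truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, otp: str, now: int, digits: int, max_time_steps: int) -> bool:
    """Accept otp if it was generated within the last max_time_steps steps.

    Assumed model: a code from step T is valid while 0 <= age < max_time_steps.
    """
    current = now // STEP_SECONDS
    accepted = False
    for age in range(max_time_steps):
        if current - age < 0:
            break
        candidate = totp(secret, current - age, digits)
        # Constant-time compare, and no early exit on a match.
        accepted |= hmac.compare_digest(candidate, otp)
    return accepted


def guess_probability(digits: int, max_time_steps: int) -> float:
    """Upper bound on one blind guess matching any currently accepted code."""
    return min(1.0, max_time_steps / 10 ** digits)


if __name__ == "__main__":
    secret = b"12345678901234567890"      # constructed sample: RFC 6238 test key
    code = totp(secret, 59 // STEP_SECONDS, 8)
    print("code issued at t=59s:", code)
    # Default Max. Time Steps = 10: still valid 4m30s later, rejected after 5m.
    print("t=329s:", verify(secret, code, 329, 8, 10))
    print("t=359s:", verify(secret, code, 359, 8, 10))
    for digits in (6, 8):
        for steps in (1, 10, 120):
            print(digits, "digits,", steps, "steps ->", guess_probability(digits, steps))
```

Every extra time step adds one more code the server will accept at that moment, so a wider window is best paired with a longer OTP Digit Length and server-side lockout on failed attempts.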