Field descriptions for the One-Time Passcode IdP Adapter configuration screen.

Field | Description |
---|---|
Device Selection | Automatic – The adapter uses the method from the Preferred Delivery Method Attribute or uses the first delivery method that it matches in the Notification Delivery Methods list. User Choice – The adapter prompts the user to choose the delivery method. |
Preferred Delivery Method Attribute | The source attribute that contains the user's preferred one-time passcode (OTP) delivery method. If the user has a valid preferred delivery method attribute, it overrides the Automatic and User Choice options above. For example, you enter OTPPreference in this field. You also create a user attribute called When Alice signs on, the adapter checks her |
Attribute Source | The source of the attribute in the Preferred Delivery Method Attribute field and the attributes listed in the Contact Attribute column of the Notification Delivery Methods table. Select a data store, or select Chained Attributes if the adapter receives the attributes from earlier in the authentication flow. |
Search String | The string that the adapter uses to search the data store to find the user. The |
Base DN | The base DN that the adapter uses when connecting to an LDAP data store. |
Test User ID | The user ID used to test the configuration on the Actions tab. |
Failure Mode | This setting determines whether the adapter should block the user's sign-on attempt or bypass the OTP requirement when the adapter can't find the user or contact information in the data store or chained attributes. |

Field | Description |
---|---|
OTP Length | Length of the one-time password generated by the adapter. The default value is 6. |
Max OTP Attempts | The maximum number of times the user is allowed to try entering the one-time password before authentication fails. The default value is 3. |
Max OTP Resends | The maximum number of times the user is allowed to request a specific one-time password to be sent. After reaching this limit, the Resend button on the passcode entry prompt no longer resends the passcode. The default value is 15. |
Show Success Screens | Determines whether the adapter shows an authentication success screen to the user. This check box is selected by default. |
Show Error Screens | Determines whether the adapter shows an authentication error screen to the user. This check box is selected by default. |
OTP Generator Field | A read-only value used by the adapter. CAUTION: Do not edit this field. This field is hidden in PingFederate 10 and later. |
LDAP Search Scope | When the attribute source is an LDAP data store, this setting determines the scope of the user search. Single Level – Searches the immediate children of the base object, but excludes the base object itself. Include Subtree (default) – Searches all child objects as well as the base object. |