Policies
In this section, the operator can configure the policies for the following options:
- PIN Password Policy
- PUK Password Policy
- Request Settings
Note: The PIN Password Policy and PUK Password Policy sections will appear in the Enterprise Policies screen only if the respective policies have been enabled from the admin portal under Configurations > Policies > Requests.
Any change made in the PIN or PUK Password Policy from this screen will be implemented at the Enterprise level only.
PIN Password Policy
This policy will determine the default values for PIN and govern the process for the automatic generation of these credentials. Any change made in the configurations of PIN Password Policy from this screen will be applied at the Enterprise level only.
When the operator enables the ‘Enable PIN Password Policy’ checkbox, the following fields will appear.
|
Field |
Description |
|
Minimum Password Length |
Defines the minimum number of characters required for a valid password. |
|
Include 1 or more lowercase characters |
If enabled, the password must contain at least one lowercase character. |
|
Include 1 or more uppercase characters |
If enabled, the password must contain at least one uppercase character. |
|
Include 1 or more special characters |
If enabled, the password must contain at least one special character. |
PUK Password Policy
This policy will determine the default values for PUK and govern the process for the automatic generation of these credentials. Any change made in the configurations of PUK Password Policy from this screen will be applied at the Enterprise level only.
When the operator enables the ‘Enable PUK Password Policy’ checkbox, the following fields will appear.
|
Field |
Description |
|
Minimum Password Length |
Defines the minimum number of characters required for a valid password. |
|
Include 1 or more lowercase characters |
If enabled, the password must contain at least one lowercase character. |
|
Include 1 or more upper case characters |
If enabled, the password must contain at least one uppercase character. |
|
Include 1 or more special characters |
If enabled, the password must contain at least one special character. |
Note: Make sure that the PIN/PUK character length configured here matches the length set in the 'PIN/PUK Quality' settings of the "SafeNet Authentication Client" utility. If the values do not match, the system will not reset the PIN/PUK value.
Request Settings
This section allows operators to configure the permitted actions for certificate requests.
Checkbox - Allow operators to create certificates on behalf of the user and facilitate automatic assignment
If this policy is enabled, the operators will have the option to generate certificates for users.
Note: If the certificate is being created for a user who does not exist in the system, a new account will be created for the user along with the certificate.
If the user already has a registered account in the WebRA system, only the certificate will be created. The user will be notified via email about the certificate generation.
Meanwhile, if the user exists in the system but is not part of the enterprise where the certificate is being created, the system will send an invitation for the user to join that enterprise and will generate the certificate as well.
Checkbox - Allow declined requests to be resubmitted
If this policy is enabled, users can resubmit a certificate request that has been declined. This allows them to modify the required details and submit the request again for approval.
Note: All changes made in the options of 'Request' settings from this screen will be applied at the Enterprise level only.
Certificate Settings
ADSS WebRA allows an operator to configure the revocation policies for the virtual ID certificates.
If the operator enables the ‘Remove virtual ID keys upon certificate revocation’, the configuration will be applied at enterprise level only.
With this policy enabled, when a virtual ID certificate is revoked, the system will revoke the certificate and remove the virtual ID keys.
Meanwhile, is this policy is disabled, the system will not remove the virtual ID keys when a virtual ID certificate is revoked.