User linking can be performed manually or automatically. These default settings apply to both methods of user linking. Default global settings are configured for user linking for each StoneGate authentication method. These default settings include:
Table 10.4 Time-Out Settings
Setting Description
Max Inactivity Time
Maximum user inactivity time in minutes (0-1440) before re-authentication is required.
Set to 15 by default.
Session Time-out Validity time in minutes (0-1440) for a session in the system.
Set to 30 by default.
Absolute Time-out
Time in minutes (0-1440) since the user was last authenticated with required authentication method, before re-authentication is required, independent of user activity.
Set to 720 by default.
Time-out Warning
Time in seconds (0-3600) before user is warned and prompted to re-authenticate.
Set to 60 by default.
Active Users Time-out
Time in minutes (0-1440) allowed for the user to authenticate after a re-authentication prompt is triggered.
Set to 15 by default.
Table 10.5 Global Settings for User Linking
Setting Description
Enable authentication method after user linking
Defines whether an authentication method is enabled after user linking.
Managing Global User Account Settings 91 The general settings for user linking allow you to define when StoneGate authentication is enabled for user linking, and to select the notification method.
Generate password/
PIN
When selected, the password/PIN is created automatically when user linking is used.
Password/PIN can be retrieved automatically if a user storage attribute has been specified on the Directory Mapping tab in the Manage User Storage section.
Select Generate Password for an automatically created password. When selected, directory mapping is not performed.
Password/PIN never
expires When selected, the password/PIN does not expire when user linking is used User cannot change
password/PIN
When selected, users cannot change the password/PIN when user linking is used
User must change password/PIN at next logon
When selected, users are required to change password/PIN at next logon when user linking is used
Use password from directory service
When selected, the password used in the applicable directory service is used for authentication when user linking is used
This option is only available for the following authentication methods:
StoneGate Mobile Text and StoneGate Password.
Table 10.6 StoneGate Authentication Settings for User Linking
Setting Description
Enable Stonegate Authentication When Manually Linking the User
Select to enable StoneGate Authentication when manually linking the user.
Enable Stonegate Authentication When Automatically Linking the User
Select to enable StoneGate Authentication when automatically linking the user.
Notification
When StoneGate authentication is enabled for automatic user linking, you are also required to select notification method. Available options are: By E-mail and By SMS.
Table 10.5 Global Settings for User Linking (Continued)
Setting Description
92 Chapter 10 Managing User Accounts
Enabling StoneGate authentication for manual or automatic user linking makes the list of authentication methods visible. Optional settings for each authentication method are displayed when the authentication method is enabled. The following settings are available:
Table 10.7 Optional Settings for StoneGate Mobile Text
Setting Description
Enable StoneGate
Mobile Text Defines whether Mobile Text authentication is enabled after user linking.
Generate password Defines whether a password is automatically created for the user.
Password never
expires When selected, the password is always valid.
User cannot change
password Defines whether the user can change the password.
User must change password on next
logon When selected, the user must change the password at the next logon.
Use password from
directory service Defines whether the password from the directory service is used.
Table 10.8 Optional Settings for StoneGate Web
Setting Description
Enable StoneGate
Web Defines whether Web authentication is enabled after user linking.
Generate password Defines whether a password is automatically created for the user.
Password never
expires When selected, the password is always valid.
User cannot change
password Defines whether the user can change the password.
User must change password on next logon
When selected, the user must change the password at the next logon.
Table 10.9 Optional Settings for StoneGate Challenge
Setting Description
Enable StoneGate
Challenge Defines whether Challenge authentication is enabled after user linking.
Managing Global User Account Settings 93 Generate PIN Defines whether a PIN is automatically created for the user.
PIN never expires When selected, the PIN is always valid.
User cannot change
PIN Defines whether the user can change the PIN.
User must change
PIN on next logon When selected, the user must change the PIN at the next logon.
Generate seed Not editable.
Table 10.10 Optional Settings for StoneGate Password
Setting Description
Enable StoneGate
Password Defines whether Password authentication is enabled after user linking.
Generate password Defines whether a password is automatically created for the user.
Password never
expires When selected, the password is always valid.
User cannot change
password Defines whether the user can change the password.
User must change password on next
logon When selected, the user must change the password at the next logon.
Use password from
directory service Defines whether the password from the directory service is used.
Table 10.11 Optional Settings for StoneGate Synchronized
Setting Description
Enable StoneGate
Synchronized Defines whether Synchronized authentication is enabled after user linking.
Generate PIN Defines whether a PIN is automatically created for the user.
PIN never expires When selected, the PIN is always valid.
User cannot change
PIN Defines whether the user can change the PIN.
Table 10.9 Optional Settings for StoneGate Challenge (Continued)
Setting Description
94 Chapter 10 Managing User Accounts