Bluetooth Method
The Bluetooth content area enables administrators to establish, configure, enable and maintain Bluetooth devices, which includes the in-range and out-of-range behaviors along with the range type and prompt time.
There are four OTP content areas.
Content area | Description |
---|---|
Profile List | Profile List provides an overview of the configured Bluetooth Profiles, including the configured policy. |
Policies | Policies provides the ability for organizations to establish Bluetooth usage policies and selection criteria for securing OTP Tokens protected with a timeout of the token and max attempts. |
New Profile | New Profile provides the ability for organizations to create custom profiles that can be paired with a Bluetooth policy and Sets and assigned to users. |
New PIN Policy | New PIN Policy provides the ability to create custom PIN policies for Bluetooth authentication. |
Bluetooth - Profile List
By default, RapidIdentity Server has a single profile for Bluetooth.
The Default profile contains a default PIN Policy with these settings.
Setting | Value |
---|---|
Require PIN | Yes. The user must provide a PIN in addition to a fingerprint to log in, but not to unlock a locked session. |
In Range Behavior | 0. This value indicates “none”. |
Out of Range Behavior | 1. This value indicates “lock”. |
Out of Range Type | 2. This value indicates “prompt keypress cancel”. |
Prompt time (seconds) | 20. |
Secure Logon Password (required) | No. If set to “Yes”, a user’s password will be randomized and unknown to the user upon enrollment. |
Administrators can remove a profile by clicking Delete or edit a profile by clicking Edit.
Bluetooth - Edit Profile
After editing the Bluetooth Profile settings, click Save, or click Cancel to discard the changes.
Bluetooth - PIN Policies
The PIN Policies content area provides the ability for organizations to create custom PIN policies and edit out-of-the-box PIN policies.
Bluetooth PIN Policies function identically to Biometric PIN Policies.
Bluetooth - New Profile
In order to assign a new Profile to a Set, administrators must first create the new Profile.
Follow these three steps to create a new Profile.
1. Click New Profile.
2. Enter a Name and Description and modify the criteria as needed.
   - Choose Require a PIN for Workstation Logon if the user is to be prompted for a password when presenting their authentication method.
   - Choose Do NOT Require PIN for Workstation Unlock when the system is locked and the user presents their authentication method. The user will NOT be asked to enter a password.
   - Secure Logon Password is set to No by default. If this is enabled, when the user presents their finger to the reader, the user’s password will be randomized and unknown to the user.
3. Click Save, or click Cancel to discard.
Bluetooth - New PIN Policy
To create a new PIN Policy, click New PIN Policy.
Name the new policy and adjust the criteria as necessary. When complete, click Save, or click Cancel to discard.
Field | Description |
---|---|
Name | The name of the PIN Policy. |
Attempts until PIN is Blocked | This number represents how many incorrect attempts can be made before the RapidIdentity Windows Client will block the user’s login process. |
Number of PINs to Keep in History | This number determines how many PINs are stored at a given time. |
Minimum/Maximum PIN Length | Determines the length of the PIN that is used on enrollment and logging into the system. |
PIN Expiration Days | Determines how long the registered PIN will last before expiring. |
PIN must meet complexity requirements | Determines how complex the PIN must be. |
Windows Password as PIN | The user’s Active Directory password will be used as PIN. |
No more than three repeated characters | PIN cannot have three repeated characters. (Example: 111, 444) |
No more than three consecutive characters | PIN cannot have consecutive characters. (Example: 123, 456) |
Must contain alpha and numeric characters | PIN must have both a letter and number. (Example: A1B, C2D) |
Must only contain numeric characters | PIN can only have numbers. (Example: 159, 753) |
Must contain special characters | PIN must have a special character. (Example: !23, @34) |
Number of PINs to Keep in History | This number determines how many previous PINs are remembered before those previous PINs are allowed to repeat. |
Risk-Based PIN | RBA will prompt when the RapidIdentity Windows Client detects a different type of authentication upon login. |
Use PingMe instead of PIN | The user authenticates with PingMe during Bluetooth authentication instead of entering a PIN. |
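How the character, length and history rules in the table above combine when a candidate PIN is evaluated, as an added Python example (not RapidIdentity code). The field names, the default values, the PBKDF2-hashed history and the reading of "consecutive" as ascending runs only (the table's 123 and 456 examples) are assumptions.

```python
import hashlib, hmac, os
from dataclasses import dataclass

@dataclass
class PinPolicy:
    # Hypothetical field names mirroring the table rows; defaults are constructed.
    min_length: int = 4
    max_length: int = 8
    history_size: int = 3
    no_repeated: bool = True
    no_consecutive: bool = True
    alpha_and_numeric: bool = False
    numeric_only: bool = False
    special: bool = False

def has_run(pin, step, run=3):
    """True if `run` adjacent characters differ by `step` (0 = repeated, 1 = ascending)."""
    count = 1
    for prev, cur in zip(pin, pin[1:]):
        linked = ord(cur) - ord(prev) == step and (step == 0 or (prev.isalnum() and cur.isalnum()))
        count = count + 1 if linked else 1
        if count >= run:
            return True
    return False

def history_entry(pin, salt=None):
    """Salted PBKDF2 record, so the history never holds a PIN in clear text (assumed design)."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

def check_pin(pin, policy, history=()):
    """Return the names of the violated rules; an empty list means the PIN is accepted."""
    errors = []
    if not policy.min_length <= len(pin) <= policy.max_length:
        errors.append("length")
    if policy.no_repeated and has_run(pin, 0):
        errors.append("repeated")
    if policy.no_consecutive and has_run(pin, 1):
        errors.append("consecutive")
    if policy.alpha_and_numeric and not (any(c.isalpha() for c in pin) and any(c.isdigit() for c in pin)):
        errors.append("alpha_and_numeric")
    if policy.numeric_only and not pin.isdigit():
        errors.append("numeric_only")
    if policy.special and all(c.isalnum() for c in pin):
        errors.append("special")
    recent = list(history)[-policy.history_size:] if policy.history_size > 0 else []
    if any(hmac.compare_digest(history_entry(pin, salt)[1], digest) for salt, digest in recent):
        errors.append("history")
    return errors
```

Only the newest `history_size` entries are compared, so a PIN older than that window is accepted again, which matches the history row's description.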