Global Settings
RapidIdentity Server is installed with these six default settings.
Authorization Codes are Suppressed
Secure Workflows are Enabled
Role Mapping is Not Enabled
Auto Enroll is Turned Off
Allow synchronization of non-domain users is Enabled
Allow Self-Service of reset credential during validation is NOT Enabled
Clicking each of the six Global Settings links directs administrators to the corresponding module section to update the configuration as desired.
Administrators can also update additional configuration options by selecting the desired checkboxes and, if necessary, modifying the URLs.
The Allow synchronization of non-domain users setting enables administrators to limit the ability of non-domain users to synchronize their data to RapidIdentity Server; it applies to local users and users located in other domains.
Synchronization is limited by the domain username and password pair. If a local account contains the same username and password pair as one located in the domain (local = user1/password and domain = user1/password), the user’s data will synchronize to RapidIdentity Server.
Two accounts will be created on RapidIdentity Server, one with the local account information and one with the domain account information. Administrators can distinguish between the two accounts based upon the domain representation in the user lookup menu.
The logic within RapidIdentity Server is to always attempt to authenticate an Authorization Code when the need arises. Therefore, suppressing authorization codes has the true effect of having RapidIdentity Server always assume the user entered their authorization code already and that it was correct.
This increases convenience for end users and administrators while reducing security. The reduction is especially apparent if secure workflows are enabled and an authentication set is used that has no secure workflows present (e.g. Smart Card only).
A user attempting to reset their credential (e.g. unblocking a card) will be able to do so without being prompted for any additional information.
Therefore, if this option is suppressed, take care to assign only authentication sets with Secure Workflows with a question set that can be used for Emergency Access into users’ systems with RapidIdentity Windows or Mac Clients.
Administrators can change the policy for this access, but not the actual question set.
Administrators can choose to check or uncheck any of the following options at any time, along with configuring the default timeout for SMS OTP codes and the URLs for the Admin Portal, Mobile Client Provisioning, and RestService for mobile clients.
Allow PingMe for OTP users
Require PIN for PingMe
Allow Unauthenticated One-To-Many Biometric Match
Allow synchronization of non-domain users
Allow Self-Service of reset credential during validation
Send an email when sending an SMS
Enable SMS for OTP codes
Default timeout (in seconds) for SMS OTP codes
Automatically approve workstations for synchronization