Token templates (2024)

Table of Contents
Passcode policy parameters Operation policy parameters PIN policy parameters Edit a token template FAQs

Token templates provide the operating parameters, such as passcode or PINstrength, for a token. The templates are applied every time a token is enrolled.

The operating parameters in a template vary depending on the token type.In addition, the selection of one option may affect the availability ofanother option.

Token templates are provided for the following token types:

See Also
Design tokens for dummiesNaming | Nord Design SystemDesign Tokens 2.0 — The Ultimate Guide.Naming conventions for design systems

  • eToken
  • GOLD
  • Google Authenticator
  • GrIDsure
  • KT-1
  • KT-2/3
  • KT-4
  • KT-5
  • Legacy 4.X
  • Legacy 5.X
  • Legacy 6.X
  • MobilePASS
  • OATH
  • RADIUS
  • RB
  • SecurID
  • SMS

By default, all tokens use AES 256-bit encryption. Certain third-partytokens use 3DES or OATH. STA applies the strongest algorithm that thetoken type supports.

You can customize the token templates, and therefore token operation, toadapt to changes in your security policy. Customizing a template doesnot affect tokens that are already initialized and does not affecttokens that are assigned to users.

The operating parameters in a template vary depending on the token type.The token templates can include the following parameters:

Passcode policy parameters

ParameterDescription
ModeTokens can operate in either Challenge-Response or Quick Log mode. Quick Log mode is recommended because it greatly simplifies the User logon experience and strengthens security by eliminating the requirement to have the user key a challenge into a token to get an OTP. Default value: Quick Log.
Complexity

The OTPs generated by the token can be comprised of numbers, letters, and additional characters as follows:

  • Decimal: Token generates passcodes comprised of digits from 0-9.
  • Hexadecimal: Token generates passcodes comprised of digits and letters from 0–9 and A-F.
  • Base32: Token generates passcodes comprised of digits and letters from 0-9 and A-Z. (Default value).
  • Base64: Token generates passcodes comprised of digits and letters from 0-9 and Aa-Zz, as well as punctuation.
Encryption

This option determines the hashing algorithm used for signing:

  • SHA1
  • SHA256
  • SHA512
LengthThis option determines the number of characters displayed as the OTP. Options are 5, 6, 7 or 8 characters. For software tokens, the default is 6 characters, although 8 can be configured by request. For hardware tokens, the default depends on how they are programmed in the factory or during operator token initialization.
Synchronization
  • Time-based:Determines the number of seconds the user has to authenticate, before another Passcode needs to be generated.
  • Event-based: Determines the number of clicks the user has to authenticate, before another Passcode needs to be generated.
Display MaskIf set to Telephone Mode, the fourth character of the OTP will always be a dash (“-“). Typically, this is used with a decimal OTP, length of 8. Example OTP: 123-5678. If set to None, the fourth character is unmodified. Example OTP: 12345678. Telephone mode can be used with any token complexity and length setting. Default value: None.
Password/CycleThis option is used in conjunction with Operation Policy (Manual Shut-Off, Auto Shut-Off). Tokens can be limited to generating 1 password per cycle or allow multiple passwords to be generated in a cycle. Default value: Single.

Operation policy parameters

ParameterDescription
Manual Shut-OffIf Enabled, the user can clear the OTP from the display and turn the token off at any time by pressing the appropriate button, depending on the token type. If Disabled, the OTP will be displayed until the Auto Shut-off value expires. Default Value: Disabled.
Auto Shut-OffThis value determines the length of time the password will be displayed, 30, 60 or 90 seconds. On expiration of this value, the token automatically clears the display and shuts off. Default Values: 60.

For tokens with a No PIN or Server-side PIN policy, theselection of Single in combination with Manual Shut-Off set toDisabled means that the token will not generate another passworduntil the Auto Shut-Off value has expired. For example, if the valueis 60 seconds, the user must wait 60 seconds before another password canbe generated.

See Also
Token naming reference

For tokens with a Fixed or User selected PIN, selection ofManual Shut-off set to Disabled means that the token will notgenerate another password until the Auto Shut-Off value has expiredand the user enters their PIN into the token.

Thales recommends using the Operation Policy Group default settings for RB and KTseries tokens configured for QUICKLog operation. Doing so ensures thatthe user must wait at least 60 (default) seconds before the token willgenerate another passcode.

PIN policy parameters

ParameterDescription
PIN Type

This setting determines the type of PIN to be used with the token:

  • No PIN—Means that the user will not use a PIN. The token generated password will be sufficient for authentication.
  • Fixed PIN—Means that the PIN generated for the token during initialization is permanent and cannot be changed without reinitializing the token. This PIN must always be keyed into the token before a password is generated.
  • User-selected PIN—Means that the user must change the PIN generated for the token during initialization before a password will be generated. Thereafter, the user can change the PIN at any time. Note that the PIN change must conform to the minimum requirements for PIN Length, Complexity and Maximum PIN Attempts.
  • Server-side Fixed—Means that the PIN generated for the token at initialization is permanent and cannot be changed without reinitializing the token. This PIN type is evaluated at SafeNet Trusted Access.
  • Server-side User Select—Means that the PIN generated for the token can be changed by the User. The new PIN must conform to the minimum requirements set in the Server-side PIN policy.
  • Server-side Server Select—Means that the PIN generated for the token can be changed, however, the new PIN will be generated by STA and will conform to the minimum requirements set in the Server-side PIN Policy Group on the Policy Admin tab.

Server-side PINs require the user to append or prepend the PIN to the token generated password during login, allowing the PIN to be evaluated by the Virtual Server. For example, if the user PIN is ABCD, and it must be prepended to the password 12345678, the user would enter ABCD12345678 at the password prompt.

All other PIN types require the user to key the correct PIN into the token before a password is generated. In this case, the user provides only the password at the password prompt. For example, if the user PIN is 8432 and the password is 12345678, the user will enter 12345678 at the password prompt. Generally, server-side PINs are used with KT tokens.

Initial PINDetermines the nature of the initial PIN created for a token during initialization. If Random, SafeNet Trusted Access will generate a random PIN that conforms to the minimum PIN Policy options set in the drop-downs for this group for each token during initialization. If Fixed, all tokens will be initialized with the same PIN. Default value: Random
Min. PIN Length

Determines the minimum PIN length that can be used with the token.

  • This option is disabled if PIN Type is set to No PIN. The user will not be required to use a PIN at any time.
  • This option is disabled if PIN Type is set to Server-side Fixed, Server-side User Select, or Server-side Server Select. The user will be required to use a PIN according to the options set in the Server-side PIN Policy Group.
  • This option is enabled if PIN Type is set to Fixed PIN or User selected PIN. This requires that any PIN set for the token meets the indicated minimum number of digits. The range is 1 to 8 digits.
Allow Trivial PINs

If enabled, a PIN may be three or more consecutive numbers (for example, 1234), or three or more identical digits (for example, 2222). Default value: Cleared.

Max. PIN AttemptsDetermines the maximum number of consecutive failed PIN attempts permitted by the token. If this number is exceeded, the token will enter the Locked state and cannot be used for authentication until it is reinitialized. This option is available only if PIN Type is set to Fixed PIN or User selected PIN.
PIN Complexity
  • If PIN Complexity is set to Decimal and Allow Trivial PINs is selected, the user can use a PIN with any consecutive or repeated characters. For example, 1111, 1234, 6543, abcd, aaaa.
  • If PIN Complexity is set to Decimal and Allow Trivial PINs is disabled, the user can use either a Numeric or an alphanumeric PIN, as long as it does not consist of consecutive or repeated characters. For example, aaaa or 1234 are not permitted while 9946, 123682, 321aaa, i6gfaa are permitted.
  • If PIN Complexity is set to Alphanumeric, the user must use an alphanumeric PIN that includes at least one uppercase and one lowercase character, and one number. For example, 1Qazxs8, ajUys36
Allow Biometric PIN

If enabled, subscribers can use a fingerprint sensor or facial recognition instead of typing a PIN to access their MobilePASS+ token. Default value: Disabled. This option requires that:

  • Token Type is set to MobilePASS.
  • PIN Type is set to User-selected PIN.

The Biometric PIN (Touch ID for iOS devices or Windows Hello for Windows devices) policy setting on STA is applied to tokens at the time of enrollment only. After a token is enrolled, policy changes on STA do not affect the availability of the Biometric PIN feature on that token.

Edit a token template

  1. On the STA Token Management console, select Policy >Token Policies.

  2. Click Token Templates.

  3. Select a token Type.

  4. Click Edit and modify the settings, as needed.

    Token templates (1)

  5. Click Apply to apply changes to the template.

Changes to the template are applied to tokens during initialization. Previouslyinitialized tokens are not affected by later changes to a template.

Token templates (2024)

FAQs

What is a token template? ›

Token templates provide the operating parameters, such as passcode or PIN strength, for a token. The templates are applied every time a token is enrolled. The operating parameters in a template vary depending on the token type. In addition, the selection of one option may affect the availability of another option.

Read On
What are chat templates? ›

Chat templates are useful for communications you regularly send to clients. They are also used in pipelines as automations to send automatic notifications to clients.

Discover More Details
What are tokens in Mendix? ›

Tokens are small pieces of information that will be put into the email at runtime. A very basic example, lets say you have users in your app and you would personalize the emails you send to them so that the user name is used in the greeting of the email e.g.

Continue Reading
What are tokens? ›

In general, a token is an object that represents something else, such as another object (either physical or virtual), or an abstract concept as, for example, a gift is sometimes referred to as a token of the giver's esteem for the recipient.

See Details
What is token format? ›

There are nine formats that create tokens based on alphanumeric input. Letters are replaced with letters, numbers are replaced with numbers. Spaces, dashes, and special characters are maintained, except as noted below. RANDOM_TOKEN: creates a token of random characters from the following pool: a-z A-Z 0-9.

Find Out More
What is a template in text? ›

Templates are pre-saved messages that you can quickly insert into any conversation. Templates are shared across your workspace, meaning it's a great way to standardize your message across your team. Avoiding typos and making it easier to get the right message sent to the right person.

Tell Me More
What is a template message? ›

Template messages (prerogative of WhatsApp Business API accounts) are message templates that are used to send a message on WhatsApp to a contact who hasn't been in touch with your company before or who hasn't replied to an existing chat since at least 24 hours.

Show Me More
How to pass a chat assessment test? ›

The test evaluates several key competencies critical for chat-based customer service success, including:
  1. Effective written communication.
  2. Empathy and emotional intelligence.
  3. Quick and accurate problem-solving.
  4. Typing speed and accuracy.
  5. Ability to multitask effectively.

Explore More
What are the 5 tokens? ›

There are 5 types of tokens in python which are listed below:
  • Keywords.
  • Identifiers.
  • Literals.
  • Operators.
  • Punctuators.

Continue Reading
What can tokens be used for? ›

Tokens have a huge range of potential functions, from helping make decentralized exchanges possible to selling rare items in video games. But they can all be traded or held like any other cryptocurrency. “Token” is a word that you hear a lot in cryptocurrency.

Show Me More

What are code tokens? ›

Tokens are small pieces of code that allow you to extract variable information about a file, such as a username or a file location.

Read The Full Story
What are the 4 types of tokens? ›

Types of tokens
  • Access tokens.
  • ID tokens.
  • Self-signed JWTs.
  • Refresh tokens.
  • Federated tokens.
  • Bearer tokens.

See Details
What is a token in API? ›

What is an API token? An API token is a unique identifier used to authenticate a user or application to access an API. It is created by the service provider and must be included in every API request to authorize access to protected resources.

Get More Info Here
What is called a token? ›

Synonyms: voucher, coupon, chit, credit note More Synonyms of token. 3. countable noun. A token is a round flat piece of metal or plastic that is sometimes used instead of money. Some of the older telephones still only accept tokens.

Continue Reading
What is a token document? ›

A token is an instance of a sequence of characters in some particular document that are grouped together as a useful semantic unit for processing. A type is the class of all tokens containing the same character sequence. A term is a (perhaps normalized) type that is included in the IR system's dictionary.

View More
What is an example of a token system? ›

Tokens can be physical objects such as a coin, poker chip, ticket, or sticker, or even a checkmark on a board or piece of paper. With a little creativity, you can create a token system that motivates your learner beyond receiving the backup reinforcer.

View Details
What is an example of a token in a program? ›

There are 6 tokens in C: Identifiers, Keywords, Operators, Strings, Special Characters, Constant. Is printf a token? In short YES. printf is a keyword and all the keywords are a token so printf is a token.

See More
Top Articles
Chemistry 110 - Experiment 4 Addenda
Front Load vs Top Load Washers | Blog | Howards
Fernald Gun And Knife Show
Craigslist Monterrey Ca
Mopaga Game
Obituary (Binghamton Press & Sun-Bulletin): Tully Area Historical Society
Culvers Tartar Sauce
Belly Dump Trailers For Sale On Craigslist
Kitty Piggy Ssbbw
Moving Sales Craigslist
Tinker Repo
Food Universe Near Me Circular
Japanese Mushrooms: 10 Popular Varieties and Simple Recipes - Japan Travel Guide MATCHA
Gas Buddy Prices Near Me Zip Code
Johnnie Walker Double Black Costco
Southland Goldendoodles
N.J. Hogenkamp Sons Funeral Home | Saint Henry, Ohio
Used Safari Condo Alto R1723 For Sale
Delta Rastrear Vuelo
Att U Verse Outage Map
A Man Called Otto Showtimes Near Carolina Mall Cinema
Old Peterbilt For Sale Craigslist
Pickle Juiced 1234
Prima Healthcare Columbiana Ohio
Timothy Kremchek Net Worth
What Time Is First Light Tomorrow Morning
Ippa 番号
Craigslist Georgia Homes For Sale By Owner
Laff Tv Passport
Oriellys Tooele
Vocabulary Workshop Level B Unit 13 Choosing The Right Word
St Anthony Hospital Crown Point Visiting Hours
Cnp Tx Venmo
The best specialist spirits store | Spirituosengalerie Stuttgart
Mudfin Village Wow
Shoecarnival Com Careers
Ghareeb Nawaz Texas Menu
BCLJ July 19 2019 HTML Shawn Day Andrea Day Butler Pa Divorce
Csgold Uva
Darkglass Electronics The Exponent 500 Test
Craigslist Mendocino
20 Mr. Miyagi Inspirational Quotes For Wisdom
Unit 11 Homework 3 Area Of Composite Figures
What is a lifetime maximum benefit? | healthinsurance.org
The Sports Academy - 101 Glenwest Drive, Glen Carbon, Illinois 62034 - Guide
Congruent Triangles Coloring Activity Dinosaur Answer Key
Page 5747 – Christianity Today
The Jazz Scene: Queen Clarinet: Interview with Doreen Ketchens – International Clarinet Association
Muni Metro Schedule
Mail2World Sign Up
San Diego Padres Box Scores
Latest Posts
How Do I Deposit/Withdraw Cryptocurrency on Binance? | how to,deposit,withdraw,withdrawal,guide
Are assessments formative or summative? | Onlineassessmenttool.com
Article information

Author: Cheryll Lueilwitz

Last Updated:

Views: 6154

Rating: 4.3 / 5 (74 voted)

Reviews: 89% of readers found this page helpful

Author information

Name: Cheryll Lueilwitz

Birthday: 1997-12-23

Address: 4653 O'Kon Hill, Lake Juanstad, AR 65469

Phone: +494124489301

Job: Marketing Representative

Hobby: Reading, Ice skating, Foraging, BASE jumping, Hiking, Skateboarding, Kayaking

Introduction: My name is Cheryll Lueilwitz, I am a sparkling, clean, super, lucky, joyous, outstanding, lucky person who loves writing and wants to share my knowledge and understanding with you.