.aui-tabs.horizontal-tabs>.tabs-menu>.menu-item>a {
padding: 10px 20px 10px 20px
}

SecureAuth OATH OTP apps can be configured to wipe all provisioned data if the end-user supplies an invalid PIN the maximum set number of times. The app screen can be configured to automatically lock after a specified number of seconds.

Description / Definition
Failed WipeThe app will automatically delete any user-specific provisioned data if someone enters an invalid PIN 'X number' of consecutive times – this number is configurable by the enterprise administrator
Screen TimeoutThe app will automatically lock itself by presenting the PIN screen after 'X number' of seconds have elapsed – this number is configurable by the enterprise administrator

NOTE: Both features are only applicable if the PIN Lock screen feature is enabled

Applies to
SecureAuth IdP VersionSecureAuth OTP App
8.0+All supported OTP apps (see Mobile Apps)


1. Ensure the iOS or Android version is supported by checking here

2. Download and install the SecureAuth mobile app on the device(s) to be enrolled

3. Configure the OATH Provisioning Realm / App Enrollment Realm in the SecureAuth IdP Web Admin for end-users to register their device(s) for OATH OTP / Multi-Factor App Enrollment

NOTE: The name of the provisioning / enrollment realm has changed since the release of SecureAuth IdP version 8.0 – as of version 9.0.x, the realm is called Multi-Factor App Enrollment Realm which is the name used throughout this document

4. Configure SecureAuth IdP realm(s) in which OATH OTPs are used for Multi-Factor Authentication

1. If using SecureAuth IdP version 8.0, configure OATH settings starting on the Registration Methods tab

If using SecureAuth IdP versions 8.1 to 9.x, configure OATH settings starting on the Post Authentication tab

 

 

2. Scroll down to the OATH Settings section

3. If setting Require OATH PIN to True, optionally set values from the dropdowns for

a. Wipe Provisioned Data after: specify the maximum number of Failed Unlock Attempt(s) permitted, after which provisioned data will be wiped from the app

b. Screen Lockout after: specify the number of Second(s) after which the app screen will lock out the end-user

Click Save once the configuration has been made before leaving the Registration Methods page to avoid losing changes

 

2. Select OATH Provisioning from the Authenticated User Redirect dropdown

 

3. In the Desktop / Mobile App section, if setting Require OATH PIN to True, optionally set values from the dropdowns for

a. Wipe Provisioned Data after: specify the maximum number of Failed PIN Attempt(s) permitted, after which provisioned data will be wiped from the app

b. Show PIN screen after: specify the number of Second(s) after which the PIN screen will appear

Click Save once the configuration has been made before leaving the Post Authentication page to avoid losing changes

 

2. Select SecureAuth App Enrollment from the Authenticated User Redirect dropdown

 

3. In the Security Options section, if setting Require OATH PIN to True, optionally set values from the dropdowns for

a. Wipe Provisioned Data after: specify the maximum number of Failed PIN Attempt(s) permitted, after which provisioned data will be wiped from the app

b. Show PIN screen after: specify the number of Second(s) after which the PIN screen will appear

Click Save once the configuration has been made before leaving the Post Authentication page to avoid losing changes

 

2. Select Multi-Factor App Enrollment - URL from the Authenticated User Redirect dropdown

 

3. In the Security Options section, if setting Require OATH PIN to True, optionally set values from the dropdowns for

a. Wipe Provisioned Data after: specify the maximum number of Failed PIN Attempt(s) permitted, after which provisioned data will be wiped from the app

b. Show PIN screen after: specify the number of Second(s) after which the PIN screen will appear

Click Save once the configuration has been made before leaving the Post Authentication page to avoid losing changes

Ensure the mobile app is the latest version from the app store

Ensure the device platform supports this functionality by checking here