When I set the validity start and end dates in the registration token,
it’s OK, but when the user enrolls TOTP to log in
and I check the user’s information, the validity start and end dates are not displayed as they were set in the registration token.
I have to select them again. How can I map them from the registration token to the TOTP token?
Thanks for your support.
Currently, I have 2 unknown issues as follows:
1. What is the input structure for the Validity Date/End box?
2. The company’s policy assigns each user a different token expiry date. How do I map the Validity Date in Registration to the one that you show?
Note: The system I am using is a registration code that users can enroll and that forces the user to enroll a TOTP token.
This is interesting. Do I understand your scenario correctly?
The admin or a helpdesk user enrolls a registration token to a user. This has an individual validity period, depending on the user like 2 weeks, 13 days or ‘till Xmas’. The admin sets this end date manually.
Then the user uses this registration token to authenticate and self-enrol a TOTP token. The user is not allowed to set the validity date; rather, the validity date (end) should be read from the registration token and transferred to the TOTP token.
This way the admin can initially define the individual validity period for a TOTP token per user, before the TOTP token exists.
You could do this with two event handlers. But you need to store the validity period of the registration token somewhere, because it is deleted before the TOTP token is created.
1. Helpdesk enrolls registration token.
2. Script Event handler: after enrolling registration token store validity period of this token somewhere (maybe user attributes)
3. User logs in with registration token, it is deleted.
4. User enrolls TOTP.
5. Script Event handler: after TOTP token is enrolled, the event handler reads the validity period and sets it in the TOTP token.
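
The state hand-off between the two script handlers described in the reply above, as an added sketch that is not code from this thread or from the product. The JSON file store, the function names, the `user@realm` key and the timestamp format are assumptions; writing the returned period onto the new TOTP token goes through the server's own token API and is not shown.

```python
import json, os, tempfile
from datetime import datetime, timezone

FMT = "%Y-%m-%dT%H:%M%z"  # assumed timestamp format, e.g. 2025-12-24T18:00+0100

def _load(path):
    try:
        with open(path) as fh:
            return json.load(fh)
    except FileNotFoundError:
        return {}

def _save(path, data):
    # Write to a temp file (created with mode 0600) and rename it into place,
    # so a crash never leaves a half-written store behind.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as fh:
        json.dump(data, fh)
    os.replace(tmp, path)

def on_registration_enrolled(path, user, realm, start, end):
    """Handler 1: remember the validity period set on the registration token."""
    s, e = datetime.strptime(start, FMT), datetime.strptime(end, FMT)
    if e <= s:
        raise ValueError("validity end must be after validity start")
    data = _load(path)
    data[f"{user}@{realm}"] = {"start": start, "end": end}
    _save(path, data)

def on_totp_enrolled(path, user, realm, now=None):
    """Handler 2: return the stored period exactly once, then forget it.

    Returns None when nothing was stored for this user or when the period
    has already ended, so the caller never extends an expired grant.
    """
    data = _load(path)
    rec = data.pop(f"{user}@{realm}", None)
    if rec is None:
        return None
    _save(path, data)  # one-shot: a later TOTP enrolment gets no period
    now = now or datetime.now(timezone.utc)
    if datetime.strptime(rec["end"], FMT) <= now:
        return None
    return rec
```
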