Unit policy
credentialTypes
- Data type: int, comma-separated list surrounded by square brackets.
- Default: none
A comma-separated list of credential type IDs (for possible values see below) surrounded by square brackets, no spaces allowed. Only credentials of the enumerated types can be created for users of the corresponding units.
- If a user has more than one profile, the unit policy of the default profile's unit is taken.
- If a unit has no unit policy assigned, the default unit policy of the client is taken.
The available credential types can be defined in the client policy as well. In this case, all credential types defined in the unit policies have to be defined in the client policy as well.
Possible values:
| type ID | Credential type |
|---|---|
| 1 | Password |
| 2 | Certificate |
| 3 | SecurID |
| 4 | Ticket |
| 5 | Safeword |
| 6 | OTP |
| 8 | Temporary strong password |
| 9 | Generic credential |
| 10 | Kerberos |
| 11 | mTAN |
| 12 | Vasco Digipass token |
| 13 | PUK |
| 14 | URL ticket |
| 15 | Device password |
| 16 | Mobile signature |
| 17 | SAML federation |
| 18 | Security question |
| 19 | Context password |
| 20 | OATH |
| 21 | FIDO UAF |
| 22 | Recovery code |
| 23 | FIDO 2 |
Examples:
- credentialTypes=[1,2] : only passwords and certificates available
- credentialTypes=[] : no credential types available
- credentialTypes= : all credential types available
- credentialTypes not defined: all credential types available