Consent-based device registration is the process of registering
the device fingerprint only after the user consents to the device
registration.
About this task
The settings of the consent to device registration mechanism
specify:
- Whether to set the authentication level of the user's credential
when the consent to device registration is completed.
- The value to be used to set the authentication level. The authentication
level on the credential is used to represent the strength
of the authentication that is used to generate the credential.
By default, the authentication level is not set by the consent
to device registration operation. Use this task to enable setting
the authentication level on the user credential. When the authentication
level is set, it can be evaluated as part of an access control policy
or by the policy enforcement point to grant access to a resource
that requires a specific authentication level .
Procedure
- Log in to the local management interface.
-
Click AAC.
- Under Policy, click Authentication.
- Click Mechanisms.
- Click Consent to device registration.
- Click
. - Click the Properties tab.
- Select a property that you want to configure.
- Click .
- Enter the value for that property.
- Click OK.
- Take note of the properties for the mechanism.
- Set Authentication Level Credential Attribute
- Enables the consent to device registration authentication to
set the authentication level on the session.
Data type: Boolean
Default: False.
- Authentication Level Credential Attribute Value
- The authentication level value to be used when the consent to
device registration is configured to set the authentication level.
Data
type: Integer.
Default: 2.
- Click Save.
What to do next
When you configure the mechanism, a message indicates that
changes are not deployed. Deploy changes when you are
finished. For more information, see Deploying pending changes.