The following table provides information about SecurID ACE/Server account attributes. The data type for all attributes is String, unless otherwise noted.
The SecurID ACE/Server adapters do not support custom account attributes (known as User Extension Data on SecurID) that contain multiple values.

Waveset User Attribute | Resource User Attribute | Description |
---|---|---|
adminGroup | adminGroup | The group the administrator is a member of. This is a read-only attribute. |
adminLevel | adminLevel | The administrative level of the user. The value can be realm, site, or group. This is a read-only attribute. |
adminSite | adminSite | The sites to which the administrator has access. This is a read-only attribute. |
adminTaskList | adminTaskList | The name of the set of tasks that the administrator can perform. This is a read-only attribute. |
adminTaskListTasks | adminTaskListTasks | The specific tasks the administrator can perform. This is a read-only attribute. |
allowedToCreatePin | allowedToCreatePin | Read-only Boolean attribute that indicates that a user is allowed to specify a PIN. If the PIN is not specified, the system will generate one for the user. |
clients | clients | Specifies the clients a user is a member of. |
accountId | defaultLogin | The account ID for the user in ACE/Server. Maximum 48 characters. |
defaultShell | defaultShell | User’s default shell. Maximum 256 characters. |
expirePassword | WS_PasswordExpired | Indicates whether the password will be expired. When the password is expired, the SecurID account will be placed in New PIN Mode. This is a write-only attribute. |
firstname | firstname | Required. The user’s first name. Maximum 24 characters. |
groups | groups | Specifies the groups a user is a member of. |
lastname | lastname | Required. The user’s last name. Maximum 24 characters. |
remoteAlias | remoteAlias | The user’s login name in their remote realm. |
remoteRealm | remoteRealm | For remote users, the realm the user is part of. |
requiredToCreatePin | requiredToCreatePin | Read-only Boolean attribute that indicates that a user must specify a PIN. |
tempEndDate | tempEndDate | Date when temporary mode ends. |
tempEndHour | tempEndHour | Hour when temporary mode ends. |
tempStartDate | tempStartDate | Date when temporary mode begins. |
tempStartHour | tempStartHour | Hour when temporary mode begins. |
tempUser | tempUser | Sets a user in or out of temporary mode. |
tokenClearPin | token1ClearPin | When set on a user update, it will cause the user’s PIN to be cleared. |
tokenDisabled | token1Disabled | When set on a user update, it will cause the user’s PIN to be disabled. |
tokenLost | token1Lost | When set to true on a user update, the account will be put in emergency access mode within RSA. |
tokenLostPassword | token1LostPassword | When the value is not blank, then the lost token will use the value given as the temporary passcode. If the value is blank, then the legacy behavior of having RSA assign temporary passcodes is performed. This is a write-only attribute. |
tokenLostExpireDate | token1LostExpireDate | Specifies the date when the “lost token” temporary password expires. This attribute is meaningful only when tokenLostPassword is not blank and tokenLostLifeTime is either blank or zero. This is a write-only attribute. This attribute is not implemented in the sample user form. |
tokenLostExpireHour | token1LostExpireHour | Specifies the hour when the “lost token” temporary password expires. (For example, use 16 to represent 4:00 P.M.) This attribute is meaningful only when tokenLostPassword is not blank and tokenLostLifeTime is either blank or zero. This is a write-only attribute. This attribute is not implemented in the sample user form. |
tokenLostLifeTime | token1LostLifeTime | Specifies how long to honor, in hours, the temporary passcodes. This field can be used regardless of the value of tokenLostPassword. This is a write-only attribute. |
tokenFirstSequence | token1FirstSequence | Specifies the original token when a token needs to be resynchronized. This is a write-only attribute. |
tokenNewPinMode | token1NewPinMode | When the user’s account has been placed in New PIN Mode, specifies the user’s new PIN. |
tokenNextSequence | token1NextSequence | Specifies the new token when a token needs to be resynchronized. This is a write-only attribute. |
tokenPin | token1Pin | Encrypted. The user’s PIN. |
tokenPinToNTC | token1PinToNTC | If set to true, begins the process of setting a PIN for a specified assigned token to next tokencode. |
tokenPinToNTCSequence | token1PinToNTCSequence | Specifies the user’s current tokencode. |
tokenResync | token1Resync | Indicates whether to resynchronize a token. This attribute enables the tokenFirstSequence and tokenNextSequence attributes. This is a write-only attribute. |
tokenSerialNumber | token1SerialNumber | Token serial number. Must be 12 characters. Insert leading zeros as needed to meet this requirement. |
tokenUnassign | token1Unassign | Specifies a token to remove from a user. This is a write-only attribute. |
userType | userType | Must be either Remote or Local. |
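
A pre-provisioning check built from the constraints in the table above, as an added example that is not part of the original documentation or the adapter's own code. The function names and the `creating` flag are assumptions; the limits, required fields and lost-token rule are the ones the table states.

```python
# Added example: constraints transcribed from the attribute table above.
READ_ONLY = {"adminGroup", "adminLevel", "adminSite", "adminTaskList",
             "adminTaskListTasks", "allowedToCreatePin", "requiredToCreatePin"}
MAX_LEN = {"accountId": 48, "defaultShell": 256, "firstname": 24, "lastname": 24}
REQUIRED = ("firstname", "lastname")


def blank(value):
    """True for None or an empty/whitespace-only value."""
    return value is None or str(value).strip() == ""


def pad_serial(serial):
    """Left-pad a token serial number with zeros to the required 12 characters."""
    return str(serial).strip().zfill(12)


def validate(attrs, creating=True):
    """Return a list of problems in a map of Waveset user attributes.

    `creating` is an assumption of this sketch: required names are only
    enforced when a new account is being provisioned.
    """
    errors = [f"{n}: read-only, cannot be set" for n in sorted(attrs.keys() & READ_ONLY)]
    if creating:
        errors += [f"{n}: required" for n in REQUIRED if blank(attrs.get(n))]
    for name, limit in MAX_LEN.items():
        if len(str(attrs.get(name) or "")) > limit:
            errors.append(f"{name}: longer than {limit} characters")
    if "userType" in attrs and attrs["userType"] not in ("Remote", "Local"):
        errors.append("userType: must be either Remote or Local")
    serial = attrs.get("tokenSerialNumber")
    if not blank(serial) and len(str(serial)) != 12:
        errors.append("tokenSerialNumber: must be 12 characters (pad with leading zeros)")
    # Expiry date/hour are meaningful only with tokenLostPassword set and
    # tokenLostLifeTime blank or zero.
    lifetime = attrs.get("tokenLostLifeTime")
    expiry_used = (not blank(attrs.get("tokenLostPassword"))
                   and (blank(lifetime) or str(lifetime).strip() == "0"))
    for name in ("tokenLostExpireDate", "tokenLostExpireHour"):
        if not blank(attrs.get(name)) and not expiry_used:
            errors.append(f"{name}: not meaningful with these lost-token settings")
    return errors


if __name__ == "__main__":
    # Constructed sample input, not taken from a real deployment.
    sample = {"firstname": "Jane", "lastname": "Doe", "userType": "Local",
              "tokenSerialNumber": "12345678", "adminLevel": "realm"}
    for problem in validate(sample):
        print(problem)
```

Running the check before a create or update catches values the table rules out, such as a short serial number or an expiry date that a non-zero tokenLostLifeTime makes meaningless.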