Token data storage
8.4.2. Configuration of token data storage

Token-data - i.e. data required for authentication tokens such as matrix cards, OTP tokens, client certificates, and so on - is generally stored independent of user data (exception: password data).

There are two types of token data (mainly for historical reasons):

User-token data ("CredentialBeans")

  • Are stored "in" the user record = there is exactly one or no token of a type per user
  • Examples: Matrix card, MOTP (OATH), mTAN (SMS)*
  • Configuration: using "Credential Persister" plugins. They are configured where used, e.g. in the token management section of the Adminapp or in the corresponding authenticator plugins.

Token data ("Token Model") - only in Airlock IAM

  • Are stored independent of users data in separate tables or directory trees = multiple tokens per type and user possible (even multiple users per token possible)
  • Examples: mTAN (SMS), PhotoTAN (Cronto), OneSpan (Vasco) OTP, smart cards (certificates) ...
  • Configuration of data repository for token data: "MAIN SETTINGS" - "Data Sources" - "Token Data Source"

(*) mTAN(SMS) tokens can be stored with the user (as mobile phone attribute of the user) or in a separate token data table/directory tree.