Configuring device fingerprint expiration

The administrator can specify the number of days that a device fingerprint can remain valid based on the number of days since the device was last used.

About this task

The user must re-register a device when the device fingerprint expires. For example, the user must re-register a device under the following circumstances:
  • The device has a registered fingerprint that was not used in 120 days.
  • The administrator specified that devices must be used at least one time per 90 days.
Note: The risk engine does not consider expired device fingerprints when it calculates risk scores. To use an expired device fingerprint, re-register the device.

Procedure

  1. Log in to the local management interface.
  2. Click AAC.
  3. Under Global Settings, click Advanced Configuration.
  4. Configure the following properties:
    • deviceRegistration.checkForExpiredDevices
      1. Click Edit Edit.
      2. Select Enabled. This property enables the risk engine to check whether devices are inactive or expired.
      3. Click Save.
    • deviceRegistration.inactiveExpirationTime
      1. Click Edit Edit.
      2. Specify the number of days that device fingerprints remain valid if they are not used. The default is 90 days.
      3. Click Save.