Skip to main content
Version: 7.2405.x.x LTS

All credentials

The TIDMA_CREDENTIAL table lists all attributes that are valid for all credential types.

There are also attributes that are only used by certain credential types, for example, the reset_count attribute for password credentials. These attributes are listed in the following chapters.

Database table TIDMA_CREDENTIAL

DB attributeJava data type (max. size), defaultsDescription
auto_transition_dateDate, nullableThe execution date of the next automatic state transition.
auto_transition_state_idLong, nullableThe target state_id of the next automatic state transition.
contextString(2048), nullableContext of the credential. This is used for context passwords and as a label for OATH credentials.
credential_idLong, not NULLPrimary key (uniquely identifies each individual credential)
credential_type_idLong, not NULLThe credential type of the credential.
extidString(50), not NULLExternal identifier
last_changeDate, not NULLDate of last change of the credential's content.
modificationCommentString(1000), nullableComment of related add/update/delete action.
nameString(100), nullableName of the credential. Only used for OTP credentials.
policy_configuration_idLong, nullableThe policy configuration that belongs to the credential. Foreign key that links to information in the table TIDMA_POLICY_CONFIGURATION. Only null for credentials whose type has no corresponding policy type (that is, for Kerberos, SecurID, Safeword, FIDO UAF and FIDO2).
reset_countInteger, not NULLNumber of times the credential has been reset.
state_change_detailString(1000), nullableFree text details about the last change of state.
state_change_reason_cdInteger, nullableReason code for the last change of state. Supported reason codes are:
  • 1: initialized
  • 2: activated
  • 3: too-many-login-failures
  • 4: reset-by-admin
  • 5: changed-by-admin
  • 6: changed-by-user
  • 7: logged-in-with-strong-cred
  • 8: cert-uploaded
  • 9: policy-check-failed
  • 10: renewal
  • 11: reset
  • 12: cert-revoked
  • 13: unlock
  • 14: changed-by-batchjob
state_idLong, not NULLPossible states of the credentials:
  • 1: initial
  • 2: active
  • 3: temporarily locked
  • 4: locked
  • 5: reset code
  • 6: changed by an administrator
  • 7: disabled
  • 8: archived
The set of available states depends on the credential's type.
user_idLong, not NULLThe user to which the credential belongs. Foreign key that links to information in the table TIDMA_USER
valid_fromDate, not NULLThe date when the credential becomes/became valid.
valid_toDate, not NULLThe date when the credential becomes/became invalid.
valueString(4000), not NULLValue of the credential. E.g., for a password, the value could be myPassword1, or whatever your password is.
value_plainString(4000), nullableHelper field. Always empty.