Push notification–based authentication

Push notifications can be used as an out-of-band (OOB) authentication method. The push mode enables client applications on mobile devices, e.g. the OneSpan Mobile Authenticator app, to authenticate a user. During the authentication process, the user receives a notification prompt on the mobile device and completes the authentication process by tapping on the device (push and login).

The typical user authentication process using push notifications is as follows:

  1. The user initiates an authentication towards the application server. This triggers a push notification–based authentication process.
  2. To trigger the push notification mode, the user authenticates as usual and, for instance, provides user ID and/or domain and a request keyword. The request method and authentication details are defined by a respective OneSpan Authentication Server policy.
  3. The authentication trigger request is sent by the application server to OneSpan Authentication Server. OneSpan Authentication Server generates the required push notification message. The push notification message is relayed to the Message Delivery Component (MDC) service.
  4. MDC processes the information and forwards the push notification request to either an on-prem DIGIPASS Gateway or the OneSpan Notification Gateway (cloud).
  5. The gateway sends the push notification request to the client mobile app via third-party notification services for the respective end device.
  6. The mobile authenticator app, e.g. OneSpan Mobile Authenticator, retrieves the push notification details from the DIGIPASS Gateway. It asks the user to confirm the logon to the specified client application.
  7. The user confirms this and accepts the push notification–based authentication. Next, the mobile authenticator app authenticates against OneSpan Authentication Server via the DIGIPASS Gateway.
  8. OneSpan Authentication Server processes this request and, if successful, returns the authentication result to the application server.
  9. The user is informed via the application server that the authentication has succeeded.
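The flow in steps 3 to 8 can be traced with a small model. This is an added example, not OneSpan code, and it does not reproduce any OneSpan API or message format. Assumptions: all class, function and field names are hypothetical, MDC and the third-party notification service are folded into `Gateway.push`, and an HMAC-SHA256 over a server challenge with a per-device key stands in for the way the app authenticates, which the page does not specify.

```python
import hashlib
import hmac
import secrets

class AuthServer:
    """Hypothetical stand-in for the authentication server (steps 3 and 8)."""
    def __init__(self, device_keys):
        self.device_keys = device_keys  # user_id -> device secret (assumed credential)
        self.pending = {}               # request_id -> (user_id, challenge)

    def trigger(self, user_id, app_name):
        request_id = secrets.token_hex(8)
        challenge = secrets.token_bytes(16)
        self.pending[request_id] = (user_id, challenge)
        return {"request_id": request_id, "user_id": user_id,
                "app_name": app_name, "challenge": challenge}

    def complete(self, request_id, response):
        entry = self.pending.pop(request_id, None)  # single use: a replay finds nothing
        if entry is None:
            return False
        user_id, challenge = entry
        expected = hmac.new(self.device_keys[user_id], challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

class Gateway:
    """Hypothetical stand-in for the gateway (steps 4 to 7)."""
    def __init__(self, server):
        self.server, self.details = server, {}

    def push(self, message):
        self.details[message["request_id"]] = message
        return {"request_id": message["request_id"]}  # assumed: push carries a reference only

    def fetch(self, request_id):
        return self.details[request_id]

    def relay(self, request_id, response):
        return self.server.complete(request_id, response)

def mobile_app(gateway, notification, device_key, user_accepts):
    details = gateway.fetch(notification["request_id"])      # step 6: retrieve details
    if not user_accepts:                                     # user declines the prompt
        return False
    response = hmac.new(device_key, details["challenge"], hashlib.sha256).digest()
    return gateway.relay(details["request_id"], response)    # step 7: authenticate via gateway

def run_login(server, gateway, user_id, device_key, user_accepts):
    message = server.trigger(user_id, "demo-portal")         # step 3 (constructed app name)
    notification = gateway.push(message)                     # steps 4 and 5
    return mobile_app(gateway, notification, device_key, user_accepts), message
```

In this model the server reports success only when the response matches a request that is still pending, so a declined prompt, a response from a device without the key, or a replayed response all leave the user unauthenticated.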

For more information about push notification–based authentication, refer to the Push Notification Solution Guide. For more information about DIGIPASS Gateway, refer to the DIGIPASS Gateway product documentation. For more information about the OneSpan Mobile Authenticator app, refer to the OneSpan Mobile Authenticator and Mobile Authenticator Studio product documentation.