Components of the OneSpan push notification solution
The OneSpan push notification solution is a hybrid authentication/signing solution. It consists of a number of OneSpan products and product components, including push notification–specific on-premises and (possibly) OneSpan cloud components. The solution can be configured not to use any OneSpan cloud services.
On the mobile device
The authenticator app is an app on the mobile device of the end user. This app receives push notifications. There are different apps available from OneSpan.
OneSpan Mobile Authenticator
OneSpan Mobile Authenticator is a two-factor authenticator for one-time password (OTP) generation. The OTP displayed by the OneSpan Mobile Authenticator app can be used as back-up authentication mode when the push notifcation–based authentication does not succeed.
Mobile Authenticator Studio
Mobile Authenticator Studio is a customizable mobile app facilitating two-factor authentication as well as e-signature generation to address the security risks of mobile and online applications. It is available for Android and iOS mobile devices.
OneSpan Mobile Security Suite
OneSpan Mobile Security Suite is a software development kit (SDK) to natively integrate application security, two-factor authentication, and electronic signatures into mobile applications developed by OneSpan customers.
In the customer network
DIGIPASS Gateway (on-premises)
DIGIPASS Gateway is a web service acting as a front-end service to OneSpan Authentication Server for authenticators. It is usually deployed in the demilitarized zone (DMZ). It isolates OneSpan Authentication Server from the (untrusted) mobile applications' networks as the mobile app retrieves the required authenticator data. It provides web services for authenticator provisioning as well as authentication and signing facilities.
It can also be used to relay messages from the Message Delivery Component (MDC) service to third-party notification services.
OneSpan Authentication Server is a centralized authentication server offering strong authentication, validation of transaction signatures, and authenticator provisioning services. It verifies authentication requests from individuals trying to access the corporate network or business applications.
Message Delivery Component (MDC)
The Message Delivery Component (MDC) service accepts one-time password (OTP) notifications and other messages from OneSpan Authentication Server. It interfaces with SMS, email, voice, or push notification gateways to relay those messages to a user’s phone or email address. Push notifications can be forwarded via an on-prem DIGIPASS Gateway or OneSpan Notification Gateway.
OneSpan User Websites provides an intuitive self-management website that allows end-users to manage their software and hardware authenticator without help desk support.
OneSpan cloud/web services
The OneSpan Notification Gateway acts as a proxy towards Apple Push Notification service (APNs) (for iOS devices) and Firebase Cloud Messaging (FCM) (for Android devices).
OneSpan DIGIPASS Gateway (cloud)
The OneSpan DIGIPASS Gateway (cloud) acts as a reverse proxy for the OneSpan Mobile Authenticator app to the on-prem DIGIPASS Gateway. For this reason, the on-prem DIGIPASS Gateway needs to be registered on the OneSpan Notification Gateway via the push notification account in the OneSpan Customer Portal.
The OneSpan Customer Portal is required for the push notification solution for two reasons:
-
You obtain your licenses required to set up OneSpan Authentication Server for push notifications via the OneSpan Customer Portal. There are two types of licenses available:
- Full licenses to set up a production system.
- Test licenses for evaluation purposes.
-
You need to register your on-prem DIGIPASS Gateway on the OneSpan Customer Portal. Furthermore, you create a push notification account. This account binds your on-prem DIGIPASS Gateway to the OneSpan Notification Gateway.