Authenticator management

Intelligent Adaptive Authentication supports the API-based administration of authenticator management tasks. You can administer authenticators through the authenticator-management interface of the OneSpan Trusted Identity platform API.

Authenticator management tasks and request elements

The authenticator-management interface validates and returns the status of each operation upon completion. The interface handles the administration tasks with the relevant request endpoints and methods.

Supported authenticator management tasks with the relevant endpoints and methods
Operation Description Request endpoint
Query authenticators

Retrieve all authenticators that match certain query criteria (e.g. serial number, domain, authenticator type, assignment status, instance description).

GET /authenticators

View authenticator

View a specific authenticator.

GET /authenticators/{serialNumber}

Verify license activations

Verify the availability of license activations for the provisioning of MDL authenticators.

If you want to verify the availability of a single license, use the view-authenticator endpoint.

GET /authenticators/{serialNumber}

If you want to verify several licenses or do not know a license number, use the query-authenticators endpoint (filtering, for example, by type and assigned = true as parameters).

GET /authenticators

Delete authenticator

Delete the serial number of standard licensing (SDL) authenticators, and licenses and/or instances of MDL authenticators.

DELETE /authenticators/{serialNumber}

Update authenticator application

Update an authenticator application.

PATCH /authenticators/{serialNumber}/applications/{applName}

Generate virtual OTP

Generate a virtual OTP for an authenticator application.

POST /authenticators/{serialNumber}/applications/{applName}/generate-votp


Set PIN

Set the PIN for an authenticator application.

It is not possible to set the PIN for an authenticator application in the same request used for enabling / disabling the PIN for an authenticator application.

PATCH /authenticators/{serialNumber}/applications/{applName}

Reset PIN

Reset the PIN for an authenticator application.

POST /authenticators/{serialNumber}/applications/{applName}/reset-pin

Unlock authenticator application

Unlock a user's authenticator application after too many incorrect PIN entries.

For more information, see Unlock an authenticator after incorrect PIN entries.

POST /authenticators/{serialNumber}/applications/{applName}/unlock

Test authenticator application

Trigger a test for an authenticator application (one-time password (OTP) or signature test).

POST /authenticators/{serialNumber}/applications/{applName}/test

Assign authenticator

Assign an authenticator to a user.

For FIDO-based authentication, this task is performed during authenticator registration.

POST /authenticators/{serialNumber}/assign

Bind authenticator

Device binding: bind an authenticator to a device.

POST /authenticators/{serialNumber}/bind

Decrypt an information message body

Decrypt the body of a Secure Channel information message.

For more information, see Decrypt an information message body.

POST /authenticators/{serialNumber}/decrypt-information-message

Generate activation data

Generate activation data for a software authenticator.

POST /authenticators/{serialNumber}/generate-activation-data

Generate activation message

Generate an activation message for an authenticator.

POST /authenticators/{serialNumber}/generate-activation-message

Move authenticator

Move an authenticator from one domain to another.

You can only move an authenticator to another domain before the authenticator instances are created!

POST /authenticators/{serialNumber}/move

Reset authenticator activation

Reset the activation information for a specified authenticator.

For more information, see Reset authenticator activation information.

POST /authenticators/{serialNumber}/reset-activation

Unassign authenticator

Unassign an authenticator from a user.

POST /authenticators/{serialNumber}/unassign

Unbind authenticator

Unbind an authenticator from its device.

POST /authenticators/{serialNumber}/unbind

Add authenticator instance description

Add a description to an MDL authenticator instance and use this description to identify this instance.

For more information, see Identify authenticator instances by the instance description.

POST /users/register


POST /registrations

Enable/disable PIN

Enable / disable the PIN for an authenticator application.

PATCH /authenticators/{serialNumber}/applications/{applName}

User-initiated authenticator time synchronization

User-initiated time synchronization for both time- and event-based authenticators.

POST /users/{userID@domain}/sync-authenticator

Restrict the number of assigned authenticators per user

Restrict the maximum number of authenticators assigned to a user for specific authenticator types.

For more information, see Restrict the number of authenticators (licenses and/or instances) assigned per user.


Authenticator provisioning of application secrets

With Intelligent Adaptive Authentication, you can provision authenticators offline in multi-device licensing (MDL) mode supporting the OneSpan Cronto technology. Supported authenticators are:

  • Hardware authenticators with Cronto image support
  • OneSpan Mobile Authenticator Studio