Restrict the number of authenticators (licenses and/or instances) assigned per user

To avoid replay attacks, you can restrict the maximum number of authenticators assigned to a user for specific authenticator types. This applies to single-device licensing (SDL) and multi-device licensing (MDL)Closed OneSpan licensing model with a one-to-one relationship between a user account and an authenticator serial number license. With this licensing model, a user account can be optionally bound to several authenticator instances. Multi-Device Activation, which is an activation process in two steps, guarantess that only the intended user can perform the device activation. authenticators, and authenticator instances (MDL only).

This feature is restricted to certain types of authenticators.

Restrictions by authenticator type
Authenticator type Description Limit
TYP03 MDL instance for authenticators on iOS, derived from the DAL10 authenticator type. 10 instances per user
TYP07 MDL instance for authenticators on Android, derived from the DAL10 authenticator type. 10 instances per user

MDL license

1 per user
VIR10 Virtual authenticator 1 per user

If the limit has been exceeded, Intelligent Adaptive Authentication displays the following error message: The authenticator limit has been reached.

If a user account has 10 or more active instances of TYP00, TYP03, or TYP07, it will not be possible to activate more until enough instances have been deleted to be at or under the 10-instance limit.

This limit exceeded error affects the following endpoints:

The limit can be adjusted per tenant in the relevant authentication policies by a OneSpan administrator.