Configuring OneSpan Risk Analytics for OOB user login via SMS

OTP via SMS delivery is not supported in sandbox.

OneSpan Risk Analytics has to be configured to return a challengeSMS (value = 3).

Before creating / updating the Risk Management component rules, OneSpan recommends saving the default set of pre-defined rules in your instance of Risk Analytics by exporting the Design Rules and Alert Management Configuration - see To save the default set of pre-configured rules in the Risk Management component for instructions.

To save the default set of pre-configured rules in the Risk Management component

  1. Navigate to Settings > Export/Import.

  2. To save the pre-configured rules, select the Design Rules and Alert Management Configuration check box.

  3. Click Export. The Risk Management component creates an .xml file and saves it as IRM_Export.xml.
  4. OneSpan recommends changing the file name to be able to retrieve the file for future use, e.g. IRM_Original_Export.xml.

To configure the Risk Management component to return a challenge SMS

  1. Navigate to DESIGN RULES & ACTIONS > Rule Management.

  2. From the navigation pane, navigate to Non Mon Events and open the Adaptive Authentication (Medium) campaign.

  3. In the Adaptive Authentication dashboard, click Create Division in the action buttons ribbon at the top of the dashboard.

  4. Enter a name for the division you are creating.

  5. Set the division priority.

  6. Add a description for the division.

  7. In the Criteria section, click Add to add criteria to your division.

  8. Select the relevant parameters from the Criteria list menus.

    IS > NON_MON_EVENT_TYPE_KEY > = LoginAttempt

  9. Click Save.
  10. In the End of Process screen, click Done.
  11. In the Adaptive Authentication campaign dashboard, from the Division section, open your new division.
  12. In the dashboard of your new division, add a rule by clicking Create Rule in the action buttons ribbon at the top of the dashboard. The Create Rule and Action Wizard guides you through the rule creation steps.
  13. Enter a name for the rule, and set the rule priority.

    You can categorize the rules you are creating according to their risk level as high, medium, or low risk.

  14. In the Criteria section of the rule dashboard, click Add. From the criteria list menus, add the required criteria to define your rule.

    IS > C_NEW_DEVICE_SESSION > = 1

  15. Click Save & Next.
  16. In the following steps of the Create Rule and Action Wizard, always select No in the buttons ribbon above the wizard, and / or click Save & Next:
    • Create History Criteria
    • Create Match Criteria
    • Create Match Key
    • Create Action
  17. In the Create Response/Status step, set the following values:

    Field Name: RESPONSE_CODE

    Set Value: ChallengeSMS

  18. Click Save.
  19. In the End of Process screen, click Done. The new rule has been created.
  20. Return to the division dashboard and activate it by clicking Toggle Division in the action buttons ribbon at the top of the dashboard.
  21. In the End of Process screen, click Done.
  22. The division's status is now active; in the navigation panel on the left your new division is selected with a green check mark next to it.
  23. Open the rule dashboard and verify the rule settings by clicking through the rule parameters in the parameter accordion at the bottom of the rule dashboard.
  24. If everything is correct, activate the rule by clicking Toggle Rule in the action buttons ribbon at the top of the dashboard. The rule's status is now active.
  25. In the End of Process screen, click Done.
  26. You are taken back to the rule dashboard. Add a Response/Status by clicking the Create Response/Status button in the action buttons ribbon at the top of the dashboard.
  27. In the Response/Status dashboard, from the Set Value list, select ChallengeSMS.
  28. Click Save.
  29. In the End of Process screen, click Done.
  30. In the rule dashboard, verify the Response/Status parameters.

    RESPONSE_CODE set to ChallengeSMS at Non Mon Event Level

You can save this new environment with the SMS rules by exporting the Export Design Rules and Alert Management Configuration with the OneSpan Risk Analytics Presentation Service Export/Import feature. See To save the default set of pre-configured rules in the Risk Management component for the detailed steps; change the original file name to be able to retrieve the file for future use, e.g. SMS_Rule_Alert_Management.xml.

If the configuration is completed and the rule has been set in the Risk Management component, you can proceed with the test of the ChallengeSMS use case. For more information about how to proceed with the OOB user login via SMS, refer to the Integration Guide.

At the end of the test, de-select or remove the new configurations outlined in To configure the Risk Management component to return a challenge SMS. You can also import the initially saved environment (example: IRM_Original_Export.xml): Open the Export/Import menu, click Browse, and select the initially saved file and click Import.