Configuration of the Authentication component Out-of-Band user login via SMS, email, or voice OTP

The Out-of-Band user login via SMS, email, or voice OTP can be configured through the configuration of the Authentication component service via the Authenticator and User Management service. The Message Delivery Component (MDC) provides the interface to use for the connection to these gateways.

In the OneSpan Intelligent Adaptive Authentication demo, the MDC is pre-configured and provides the capabilities to deliver the OTP to the user via SMS, email, and voice call. The user’s mobile phone number, email address, and landline phone number are stored in the user information within the Authentication component.

To configure the Authentication component service

  1. Create a user in OneSpan Intelligent Adaptive Authentication demo and assign or modify the mobile phone number, email address, and landline phone number that will be used for the test.

  2. In the OneSpan Community Portal, access the Intelligent Adaptive Authentication Interactive API Reference, and the relevant operation endpoint at https://{tenant}.{environment}.tid.onespan.cloud/v1/users. The domain is retrieved from the .../Adaptive Authentication Sandbox user field:

    PATCH /v1/users/{user[1..10].mybank@domain}

    {
      "emailAddress": "[email protected]",
      "mobilePhoneNumber": "+CC MDN", (example +1 123 345 6789)
      "vdpDeliveryMethod": "Email||SMS||Voice” (example SMS)
    }

  3. In the OneSpan Community Portal, access the Intelligent Adaptive Authentication Interactive API Reference, and the relevant operation endpoint at https://{tenant}.{environment}.tid.onespan.cloud/v1/authenticators.
  4. Assign a Digipass authenticator (serial number: VIR10) from your tenant to your user on the desired environment (the Digital Banking environment that is found under .../Risk Analytic > SELECTING THE TARGET Risk Analytics ENVIRONMENT).
  5. Use GET /v1/authenticators to retrieve a list of authenticators to attach to the user. Ensure that the type VIR10 is selected. The domain is retrieved from the .../Adaptive Authentication Sandbox user field.
    1. In the Swagger page, enter the domain as selected above, and the type VIR10
    1. EXECUTE.
  6. Use POST /v1/authenticators/{serialNumber}/assign to assign an authenticator to a user. Select one of the authenticators listed in the previous command.

    {
      “domain”:”domain”, (Insert the same domain as defined above)
      “userID”: “VIR10”
    }