Virtual Mobile Authenticator OTP generation
The authentication process using Virtual Mobile Authenticator is a follows:
- The user requests an OTP to be generated and delivered to the user. How the user needs to request the Virtual Mobile Authenticator OTP is defined by the Request Method, Request Keyword, and Delivery Method policy settings (see Request methods and request keywords).
- The OTP is sent to the user's mobile phone number or email address set in the user account.
For the backup Virtual Mobile Authenticator method you can define additional usage restrictions to minimize costs (see Authenticators). These restrictions are verified before an OTP will be generated.
If the OTP request has been accepted and an OTP has been delivered successfully, the user submits a second step logon with the OTP. This second step goes through the whole authentication process again to verify the OTP.
This process is as follows:
- The user requests a Virtual Mobile Authenticator logon.
- OneSpan Authentication Server generates an OTP.
- OneSpan Authentication Server sends the OTP, delivery method, and user contact details to the Message Delivery Component (MDC).
-
MDC passes the information to either of the following:
- SMS gateway, which sends a text message containing the OTP to the user's mobile phone.
- Mail server, which sends an email containing the OTP to the user's email address.
- Voice gateway, which sends a text message containing the OTP to the user's phone.
- The user receives the OTP.
- The user enters the OTP into the logon window.
- OneSpan Authentication Server authenticates the logon request as usual.