Configuration of Push Notification for Digipass Authentication for Windows Logon

To enable Push Notification as the authentication method for Digipass Authentication for Windows Logon, you need to adjust certain settings. This topic provides the necessary instructions.

For more information about Push Notification and configuration steps in OneSpan Authentication Server, refer to the Push Notification Getting Started Guide.

Enable Push Notification in the policy settings

To allow Push Notification, you need to enable it in the effective policy settings used by the Digipass Authentication for Windows Logon clients.

To enable Push Notification in the policy settings

  1. Log on to OneSpan Authentication Server Administration Web Interface.
  2. Navigate to Policies > List.
  3. Select the policy used for the Digipass Authentication for Windows Logon clients.
  4. Switch to the Digipass tab and verify or adjust the following settings:
    • Application Names: This field is optional. It restricts which Digipass applications may handle requests, based on the application name. If this field is not set in the policy, all applications are allowed to handle requests. OneSpan Authentication Server will select one authenticator application to be included in the Push Notification request.
    • Secure Channel Support: Yes - Permitted
    • Click Save.
  5. Switch to the Push Notification tab and verify or adjust the following settings:
    • Request Method: disabled
    • Request Keyword: push
    • Mobile Application Name: com.vasco.digipass.es
    • Authentication timeout (seconds): 30

    The password field is required in Digipass Authentication for Windows Logon if Password, PasswordKeyword, or KeywordPassword is selected as the request method.

    If KeywordOnly is selected as the request method, the field is left empty.

  6. Click Save.

Configure offline authentication data (OAD) generation

Push Notification works with Digipass Authentication for Windows Logon only if the client computer is connected to the network and can establish a connection to OneSpan Authentication Server, similar to online authentication. Without a connection to the server, you cannot use Push Notification to authenticate with Digipass Authentication for Windows Logon. However, you can configure OneSpan Authentication Server to generate offline authentication data (OAD) during a successful Push Notification authentication (for future offline authentication with an OTP).

To generate OAD when authenticating via Push Notification, you need to have:

  • Offline authentication enabled in the policy settings.
  • A Digipass authenticator with the required authenticator application configured.

The relevant Digipass authenticator requires two Digipass applications:

  • Response-Only. This application is used for online and offline authentication using OTPs. It can be either time- or event-based. Score-based is not supported.
  • Secure Channel. This application is used for Push Notification authentication. In case of successful authentication via Push Notification, OAD is generated with the Response-Only application.