Offline authentication

Offline authentication occurs when a user authenticates to Windows via Digipass Authentication for Windows Logon while the client computer is not connected to the network or cannot establish a connection to OneSpan Authentication Server. Authentication is then performed against offline authentication data that is stored locally in encrypted form.

The offline authentication data is generated by OneSpan Authentication Server during successful online authentication. It is limited either to a specific time span (time-based) or to a number of authentications (event-based). This requires the client to perform online authentication on a regular basis.

You need to enable offline authentication via the OneSpan Authentication Server configuration.

Offline authentication - conceptual overview

Although Digipass Authentication for Windows Logon is not connected to OneSpan Authentication Server during an offline authentication process, static password verification can be enforced during offline authentication via the OneSpan Authentication Server configuration.

Locked offline authentication

After a pre-defined number of failed offline authentication attempts, the offline authentication data will be deleted from Digipass Authentication for Windows Logon. This includes both offline state data and hash data.

As a consequence, the offline authentication data on OneSpan Authentication Server and on Digipass Authentication for Windows Logon are no longer synchronized. To re-enable offline authentication, an administrator must also delete the offline authentication data of the Digipass Authentication for Windows Logon user on OneSpan Authentication Server. After this, the Digipass Authentication for Windows Logon client can again receive new offline authentication data from the server.

As long as offline authentication is locked, the Digipass Authentication for Windows Logon Tray Agent status is "Status: Error. Offline authentication data locked." When a user tries to update locked offline authentication data via Tray Agent, the message "Contact your system administrator to reset the Digipass offline authentication data." will be displayed.

For more information about how to configure the number of retries before locking offline authentication data, see Authentication provider.
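
The time-based and event-based limits and the lockout behaviour described above, as a conceptual Python model added here. It is not OneSpan code: the class `OfflineCache`, its method names, the `server_reset` flag and the storage of one-time passwords as salted hashes are assumptions made for illustration.

```python
import hashlib, hmac, os, time

RESET_MSG = "Contact your system administrator to reset the Digipass offline authentication data."

class OfflineCache:
    """Toy client-side store of offline authentication data (hypothetical design)."""
    def __init__(self, max_failures=3):
        self.max_failures, self.failures = max_failures, 0
        self.data, self.locked = None, False

    @staticmethod
    def _digest(salt, otp):
        return hashlib.pbkdf2_hmac("sha256", otp.encode(), salt, 10_000)

    def provision(self, otps, *, expires_at=None, max_events=None, server_reset=False):
        """Store fresh data after a successful online logon."""
        if self.locked and not server_reset:
            return RESET_MSG              # server copy must be deleted by an admin first
        salt = os.urandom(16)
        self.data = {"salt": salt, "hashes": [self._digest(salt, o) for o in otps],
                     "expires_at": expires_at, "events_left": max_events}
        self.failures, self.locked = 0, False
        return "ok"

    def authenticate(self, otp, now=None):
        now = time.time() if now is None else now
        if self.locked:
            return "locked"
        d = self.data
        if d is None:
            return "no-data"
        if d["expires_at"] is not None and now >= d["expires_at"]:
            return "expired"              # time-based limit: online logon required
        if d["events_left"] is not None and d["events_left"] <= 0:
            return "expired"              # event-based limit: online logon required
        candidate = self._digest(d["salt"], otp)
        for i, stored in enumerate(d["hashes"]):
            if hmac.compare_digest(stored, candidate):
                del d["hashes"][i]        # a one-time password is accepted once
                if d["events_left"] is not None:
                    d["events_left"] -= 1  # assumption: only successes are counted
                self.failures = 0
                return "ok"
        self.failures += 1
        if self.failures >= self.max_failures:
            self.data, self.locked = None, True   # delete state and hash data
            return "locked"
        return "denied"
```
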