Authenticator management
The Login Test feature of the User Self-Management Website helps users to make sure they are logging on correctly to OneSpan Authentication Server.
To perform a login test, users need to provide their user name and, depending on the authenticator used, the following:
- Users of a one-button Digipass authenticator need to provide the PIN, followed by the authenticator response.
- Users of a keypad Digipass authenticator (e.g. Digipass 270) need to provide the authenticator response.
- If a Digipass authenticator that supports Challenge/Response authentication is used, users need to either leave the Password field blank to receive a challenge or, if specified, provide a keyword or their static password, or a combination of both.
- Users of Virtual Mobile Authenticator need to provide a static password or a keyword, or a combination of both, to receive a one-time password.
OneSpan Authentication Server offers a mechanism to set and/or change a user's PIN during an authentication process. This functionality is intended for users with authenticators that have a Response-Only application (e.g. Digipass GO 6 or Digipass GO 7).
User Self-Management Website and OneSpan Authentication Server provide a mechanism to change a user's static Active Directory password with a configured OneSpan Authentication Server back-end system.
For this feature, OneSpan Authentication Server must be configured to use either a Windows back-end server or an LDAP back-end server with SSL.
The user can be notified by means of various enterprise applications that they need to update their static Active Directory password. To change the static password, the user needs to enter their credentials for a local authentication and enter a new static password. The User Self-Management Website sends these credentials to OneSpan Authentication Server.
A user account can be locked after a specified number of unsuccessful authentication attempts. Usually, unlocking a user account requires assistance from an administrator. With self-unlock enabled, users can unlock their user accounts via User Self-Management Website, without further assistance from an administrator.
Self-unlocking a user account consists of successfully completing an authentication process. Therefore, users need to provide their user name and, depending on the Digipass authenticator used, the following:
- Users of a one-button Digipass authenticator need to provide the PIN followed by the authenticator response.
- Users of a keypad Digipass authenticator (e.g. Digipass 270) need to provide the authenticator response.
- If a Digipass authenticator that supports Challenge/Response authentication is used, users need to either leave the Password field blank to receive a challenge or, if specified, provide a keyword or their static password, or a combination of both.
- Users of Virtual Mobile Authenticator need to provide a password or a keyword, or a combination of both, to receive a one-time password.
To enable self-unlock with User Self-Management Website, you need to configure user auto-unlock in the policy that is assigned to User Self-Management Website. For more information about using and configuring user auto-unlock, refer to the OneSpan Authentication Server Administrator Guide and the OneSpan Authentication Server Administrator Reference.
New Static Password Synchronization
When a user's static password has changed, they can use User Self-Management Website to synchronize the static password on OneSpan Authentication Server. To update the static password, users need to successfully complete an authentication process.
Users of a Digipass authenticator with a Response-Only application need to provide their user name, the new static password, and the authenticator response. If required, the response is preceded by the PIN.
If a Digipass authenticator that supports Challenge/Response authentication or Virtual Mobile Authenticator is used, the user needs to enter their user name and the new static password or a keyword, or a combination of both, into the New Static Password Synchronization page. The Digipass Response field needs to remain blank in order for users to receive a challenge or a one-time password.