Mobile Authenticator Studio activation
Self-Registration, Auto-Assignment, and Online Activation for Mobile Authenticator Studio
The User Self-Management Website offers two different versions of this page, for online activation of the OneSpan Mobile Authenticator and for online activation of Mobile Authenticator Studio. Depending on the authenticator used, you need to make the appropriate page available to your end users (see Restrict access to OneSpan User Websites functionality).
On the Self-Registration, Auto-Assignment, and Online Activation for Mobile Authenticator Studio page, users can start the online activation process for their Mobile Authenticator Studio authenticator. To do so, users must enter their user name and password in the Self-Registration, Auto-Assignment, and Online Activation for Mobile Authenticator Studio page.
If user authentication is successful, a color QR code that contains the required activation data, as well as the plain activation data are displayed on the Self-Registration, Auto-Assignment, and Online Activation for Mobile Authenticator Studio page. To complete the activation process, the user needs to scan the color QR code or type the registration identifier and the activation password manually using Mobile Authenticator Studio on the mobile device. Once the registration identifier and the activation password have been successfully validated on OneSpan Authentication Server, the corresponding activation data is sent to the Mobile Authenticator Studio application, and the activation process is completed.
For detailed information about how to implement and customize the Mobile Authenticator Studio activation process, refer to the Mobile Authenticator Studio product documentation.
Self-Registration, Auto-Assignment, and Offline Activation Using Black&White QR Codes
On theSelf-Registration, Auto-Assignment, and Offline Activation Using a Black&White QR Code page, users can start the standard activation process for their Mobile Authenticator Studio authenticators. To do so, users must enter their user name and password in the Registration page. If user authentication is successful, the Activation page is displayed, which contains a QR code that was generated by the DSAPP library. The QR code can optionally be sent to the user via email. To complete the activation process, the user needs to scan the QR code with the Mobile Authenticator Studio app on their mobile device.
In OneSpan Authentication Server, a policy must be applied to the OneSpan User Websites client component, where the user is authenticated locally or via the back end. If this policy setting requirement is not met, offline activation via QR code is not supported.
Optionally, the user can also bind their device in OneSpan Authentication Server via OneSpan User Websites. To do so, the user enters the authenticator response and clicks Bind on the Activation page. OneSpan User Websites will display a success message after successful binding.
You can offer both functions, or you can choose to display only one of the relevant buttons. You can also select the default button—in the factory settings, Activate is defined as the default button. For more information about customizing OneSpan User Websites, see Customize OneSpan User Websites.
For more information about implementing and customizing the Mobile Authenticator Studio activation process, refer to the Mobile Authenticator Studio product documentation.
2-Step Offline Activation Using Color QR Codes
On the 2-Step Offline Activation Using a Color QR Code page, users can activate their authenticators offline by using multi-device activation. Authenticators must be compatible with multi-device licensing and multi-device activation.
For more information about implementing and customizing the authenticator activation process, refer to the product documentation of the authenticator used. For more information about multi-device licensing and activation, refer to the OneSpan Authentication Server Product Guide and the OneSpan Authentication Server Administrator Guide.
With User Self-Management Website, users can activate Mobile Authenticator Studio and bind their Mobile Authenticator Studio app to their mobile device. Thus, users can ensure that only the mobile authenticator that is installed on the bound device will generate valid responses. Any responses that are generated by the same (i.e. with the same serial number) Mobile Authenticator Studio app on a mobile device other than the device it was bound to, will be invalid and cannot be used for authentication.
Device binding requires a derivation code, which is generated by the administrator based on authenticator-specific activation data. To complete Mobile Authenticator Studio activation and device binding, the user needs to enter their user name and the derivation code in the Device Binding page of User Self-Management Website.
For more information about device binding, refer to the Mobile Authenticator Studio product documentation.