User Self-Unlock

The following form fields must be used on the User Self-Unlock page and posted to the User Self-Management Website servlet (action="selfunlock"):

User Self-Unlock form fields
Form field name Visible label Description
username User Name

Required. The user name for logging on to User Self-Management Website. The maximum length is 255 characters.

password Password

Required.

  • For one-button Digipass authenticator: The PIN followed by the authenticator response.
  • For keypad Digipass authenticator: The authenticator response.
  • For Challenge/Response: If specified, the password for logging on to User Self-Management Website and/or a keyword.
  • For Virtual Mobile Authenticator: The password for logging on to User Self-Management Website and/or a keyword.

The maximum length is 128 characters.

commit Unlock Required. The button to submit data entered by the user to OneSpan Authentication Server.
replay_token <hidden> Required. Internally used form field to prevent re-transmission of form data.
User Self-Unlock form fields (Challenge page)
Form field name Visible label Description
username User Name

Required. The user name for logging on to User Self-Management Website. The maximum length is 255 characters.

password Password

Required.

  • For one-button Digipass authenticator: The PIN followed by the authenticator response.
  • For keypad Digipass authenticator: The authenticator response.
  • For Challenge/Response: If specified, the password for logging on to User Self-Management Website and/or a keyword.
  • For Virtual Mobile Authenticator: The password for logging on to User Self-Management Website and/or a keyword.

The maximum length is 128 characters.

challengekey <hidden> Required. Internally used form field to facilitate Challenge/Response authentication.
commit Unlock Required. The button to submit data entered by the user to OneSpan Authentication Server.
replay_token <hidden> Required. Internally used form field to prevent re-transmission of form data.

User self-unlock process (one-button Digipass authenticator)

  1. The user navigates to the User Self-Unlock page.
  2. The user enters their user name.
  3. The user enters the password.
  4. The user clicks Unlock.
  5. If authentication is successful, the user account is unlocked, and the user can use their Digipass authenticator again.

User self-unlock process (Digipass authenticator with keypad)

  1. The user navigates to the User Self-Unlock page.
  2. The user enters their user name.
  3. The user enters the password.

    The password is the authenticator response.

  4. The user clicks Unlock.
  5. If authentication is successful, the user account is unlocked, and the user can use their Digipass authenticator again.

User self-unlock process (Digipass authenticator using Challenge/Response authentication)

  1. The user navigates to the User Self-Unlock page.
  2. The user enters their user name.
  3. The user does one of the following:

    • Leave the Password field blank.
    • Enter the password.

      The password may be a keyword, the static password, or a combination of both.

  4. The user clicks Unlock.
  5. The user enters the challenge displayed on-screen into their Digipass authenticator.
  6. The user enters the response from their Digipass authenticator in the Password field on the User Self-Unlock page.
  7. The user clicks Unlock.
  8. If authentication is successful, the user account is unlocked, and the user can use their Digipass authenticator again.

User self-unlock process (Virtual Mobile Authenticator)

  1. The user navigates to the User Self-Unlock page.
  2. The user enters their user name.
  3. The user enters the password.

    The password may be a keyword, the static password, or a combination of both.

  4. The user clicks Unlock.
  5. The user enters the OTP they have received via text message or email in the Password field on the User Self-Unlock page.
  6. The user clicks Unlock.
  7. If authentication is successful, the user account is unlocked, and the user can use their authenticator again.