Topology and deployment scenarios
Depending on your use cases, several different deployment scenarios integrating push notifications are possible. The various deployment topologies differ in terms of allowed applications and workflows, the level of OneSpan cloud service integration, and the level of authenticator app customization. However, these aspects influence each other.
Applications and workflows
Push notifications can be used for provisioning (activating an end device), push and login, and push and sign.
Cloud service integration
OneSpan provides cloud services for the following purposes:
- Relay notifications to the respective third-party notification services (Apple Push Notification service (APNs), Google Firebase Cloud Messaging (FCM)).
- Route communication from the mobile authenticator app back to the customer network.
Depending on your requirements you can integrate these cloud services to a greater or lesser extent:
- Cloud-only. These scenarios use OneSpan cloud services for both purposes. Push and sign is not supported in these scenarios.
- Cloud/on-premises. Push notifications are sent via OneSpan cloud services. Data sent from the mobile authenticator app back to the customer network is directly routed via an on-prem DIGIPASS Gateway.
- On-premises-only. These scenarios don't use any OneSpan cloud service, but depend on customer-tailored solutions.
Communication from / to | Cloud only | Cloud/On-prem | On-prem only |
---|---|---|---|
Customer network to mobile app (via notification services) | ✓ | ✓ | – |
Mobile app to customer network (via gateway services) | ✓ | – | – |
Authenticator app customization
There are different authenticator apps for push notifications.
- OneSpan Mobile Authenticator. This authenticator app is available in app stores. You only need to download and activate it. However, it cannot be customized, does not support push and sign, and only works as cloud-only solution.
- Mobile Authenticator Studio. Authenticator apps created using Mobile Authenticator Studio can be customized to some extent. They support all workflows and can be used for mixed cloud/on-premises solutions.
- OneSpan Mobile Security Suite. Authenticator apps integrating Mobile Security Suite are implemented using SDKs. The SDKs provide the most flexibility, but require customer-side development effort.
|
Cloud only MA / MAS / MSS |
Cloud/on-prem MA / MAS / MSS |
On-prem only MA / MAS / MSS |
---|---|---|---|
Provisioning | ✓ / ✓ / – | – / ✓ / ✓ | – / ✓ / ✓ |
Push and login | ✓ / – / – | – / ✓ / ✓ | – / ✓ / ✓ |
Push and sign | – / – / – | – / ✓ / ✓ | – / ✓ / ✓ |