Workflow: User authentication via push (Push and login)

Authenticating via push notification is a two-step process:

  1. The user triggers the authentication process.
  2. The user authenticates via push notification.

The workflow sequence depends on the deployment and involved components (see Topology and deployment scenarios). In a typical cloud-only deployment where user authentication with push notification is enabled, the components of the push notification solution interact in the sequence as illustrated in Figure: User authentication using push notifications (Workflow, Cloud only).

User authentication using push notifications (Interaction sequence, cloud only)

Figure: User authentication using push notifications (Workflow, Cloud only)

The process for the user to authenticate via push and login is as follows:

  1. The user initiates an authentication towards the application server. This triggers a push notification–based authentication process.

    To trigger the push notification mode, the user authenticates as usual and, for instance, provides user ID and/or domain and a request keyword. The request method and authentication details are defined by the OneSpan Authentication Server policy in use.

  2. The authentication trigger request is sent by the application server to OneSpan Authentication Server. OneSpan Authentication Server generates the required push notification message. The push notification message is relayed to the Message Delivery Component (MDC) service.
  3. MDC processes the information and forwards the push notification request to the OneSpan Notification Gateway (cloud).
  4. The gateway sends the push notification request to the client mobile app via third-party notification services for the respective end device.
  5. The mobile authenticator app, e.g. OneSpan Mobile Authenticator, retrieves the push notification details from the DIGIPASS Gateway. It requests the user to confirm to log on to the specified client application.
  6. The user confirms the logon request and accepts the push notification–based authentication. Next, the mobile authenticator app authenticates the user against OneSpan Authentication Server via the DIGIPASS Gateway.
  7. OneSpan Authentication Server processes this request, and in case of success returns the authentication result to the application server.
  8. The user is informed via the application server that the authentication has succeeded.