Authenticator Management
  • 29 Oct 2024

Intelligent Adaptive Authentication supports the API-based administration of authenticator management tasks. You can administer authenticators through the authenticator-management interface of the OneSpan Trusted Identity platform API.

Authenticator management tasks and request elements

The authenticator-management interface validates and returns the status of each operation upon completion. The interface handles the administration tasks with the relevant request endpoints and methods.

Supported authenticator management tasks with the relevant endpoints and methods

| Operation | Description | Request endpoint |
|---|---|---|
| Query authenticators | Retrieve all authenticators that match certain query criteria (e.g. serial number, domain, authenticator type, assignment status, instance description). | GET /authenticators |
| Query FIDO authenticators | Retrieve FIDO authenticator registrations by user, registration type, or a combination of these two, either for a specific user or all users. For more information, see Find registrations. | GET /fido-registrations |
| View authenticator | View a specific authenticator. | GET /authenticators/{serialNumber} |
| Verify license activations | Verify the availability of license activations for the provisioning of MDL authenticators. If you want to verify the availability of a single license, use the view-authenticator endpoint. If you want to verify several licenses or do not know a license number, use the query-authenticators endpoint (and filter e.g. by type and assigned = true as parameters). | GET /authenticators/{serialNumber} (single license) or GET /authenticators (several licenses or unknown license number) |
| Delete authenticator | Delete the serial number of standard licensing (SDL) authenticators, and licenses and/or instances of MDL authenticators. | DELETE /authenticators/{serialNumber} |
| Delete FIDO authenticator | Deregister a FIDO authenticator and/or delete registrations of FIDO authenticators. For more information, see Delete registrations and Deregistration of a FIDO UAF authenticator. | DELETE /fido-registrations/{registrationID} |
| Update authenticator application | Update an authenticator application. | PATCH /authenticators/{serialNumber}/applications/{applName} |
| Update FIDO authenticator | Update a FIDO registration to change the customized registration name with the registration ID. For more information, see Update user registration name. | PATCH /fido-registrations/{registrationID} |
| Generate virtual OTP | Generate a virtual OTP for an authenticator application. | POST /authenticators/{serialNumber}/applications/{applName}/generate-votp |
| Set PIN | Set the PIN for an authenticator application. It is not possible to set the PIN for an authenticator application in the same request used for enabling / disabling the PIN for an authenticator application. | PATCH /authenticators/{serialNumber}/applications/{applName} |
| Reset PIN | Reset the PIN for an authenticator application. | POST /authenticators/{serialNumber}/applications/{applName}/reset-pin |
| Unlock authenticator application | Unlock a user's authenticator application after too many incorrect PIN entries. For more information, see Unlock an authenticator after incorrect PIN entries. | POST /authenticators/{serialNumber}/applications/{applName}/unlock |
| Test authenticator application | Trigger a test for an authenticator application (one-time password (OTP) or signature test). | POST /authenticators/{serialNumber}/applications/{applName}/test |
| Assign authenticator | Assign an authenticator to a user. For FIDO-based authentication, this task is performed during authenticator registration. | POST /authenticators/{serialNumber}/assign |
| Bind authenticator | Device binding: bind an authenticator to a device. | POST /authenticators/{serialNumber}/bind |
| Decrypt an information message body | Decrypt the body of a Secure Channel information message. For more information, see Decrypt an information message body. | POST /authenticators/{serialNumber}/decrypt-information-message |
| Generate activation data | Generate activation data for a software authenticator. | POST /authenticators/{serialNumber}/generate-activation-data |
| Generate activation message | Generate an activation message for an authenticator. | POST /authenticators/{serialNumber}/generate-activation-message |
| Move authenticator | Move an authenticator from one domain to another. You can only move an authenticator to another domain before the authenticator instances are created! | POST /authenticators/{serialNumber}/move |
| Reset authenticator activation | Reset the activation information for a specified authenticator. For more information, see Reset authenticator activation information. | POST /authenticators/{serialNumber}/reset-activation |
| Unassign authenticator | Unassign an authenticator from a user. | POST /authenticators/{serialNumber}/unassign |
| Unbind authenticator | Unbind an authenticator from its device. | POST /authenticators/{serialNumber}/unbind |
| Add authenticator instance description | Add a description to an MDL authenticator instance and use this description to identify this instance. For more information, see Identify authenticator instances by the instance description. | POST /users/register or POST /registrations |
| Enable/disable PIN | Enable or disable the PIN for an authenticator application. | PATCH /authenticators/{serialNumber}/applications/{applName} |
| User-initiated authenticator time synchronization | User-initiated time synchronization for both time- and event-based authenticators. | POST /users/{userID@domain}/sync-authenticator |
| Restrict the number of assigned authenticators per user | Restrict the maximum number of authenticators assigned to a user for specific authenticator types. For more information, see Restrict the number of authenticators (licenses and/or instances) assigned per user. | N.A. |

Authenticator provisioning of application secrets

With Intelligent Adaptive Authentication, you can provision authenticators offline in multi-device licensing (MDL) mode supporting the OneSpan Cronto technology. Supported authenticators are:

  • Hardware authenticators with Cronto image support

  • OneSpan Mobile Authenticator Studio

