About Back-End Authentication

Back-end integration involves the integration of custom authentication mechanisms into OneSpan Authentication Server. These custom authentication mechanisms can then be referred to in authentication policies, and thus be included when processing user authentication requests.

Back-end integration is typically used for the following purposes:

• Integration with or migration from legacy authentication systems. This type of integration is typically used together with Dynamic User Registration (DUR) and authenticator auto-assignment. For example, software authenticator provisioning using a legacy authentication system to verify a historical password. The historical password in this case is a credential that the user has to provide to get a software authenticator assigned.

  OneSpan Authentication Server can be integrated with the legacy system to pass details back to the legacy authentication system and receive a reply. The provisioning result depends on the reply from the legacy authentication system.

• Password replacement. This allows the user to log in with just a one-time password (OTP) in an environment where the password of a legacy authentication system is required.

To configure OneSpan Authentication Server for back-end authentication (Overview)

1. Design and implement an authentication engine.
2. Load the authentication engine into OneSpan Authentication Server.
3. Define the policies that use the authentication engine as back-end authentication protocol.