- 13 Nov 2024
Authentication Methods
- Updated on 13 Nov 2024
In a Digipass Authentication Module deployment, a user tries to access a resource using a web browser. The resource is protected by ADFS. The user needs to provide the credentials to ADFS before they can access the resource. ADFS will validate these credentials with AD and with OneSpan Authentication Server.
For detailed information about logon methods and options, refer to the product documentation for your authentication server.
Response-Only logon
A user attempts to access a resource protected by Microsoft ADFS, which is configured to use multi-factor authentication with Digipass Authentication for Microsoft ADFS. OneSpan Authentication Server is configured for Response-Only authentication.
Workflow: Response-Only
1. The user attempts to open a protected resource in a web browser and is redirected to ADFS for authentication. A user logon page (including a user ID and password field) is displayed.
2. The user enters the Windows credentials, which are validated against AD (1FA).
3. If Digipass Authentication for Microsoft ADFS is installed and configured as an additional authentication method, a second logon page requesting a one-time password (OTP) is displayed. The form on this page is generated by Digipass Authentication for Microsoft ADFS.
4. The user generates an OTP with the user's authenticator and enters it in the logon page (2FA).
5. OneSpan Authentication Server validates the user credentials. If successful, OneSpan Authentication Server generates a claim indicating that the user was successfully authenticated, and returns the claim to Microsoft ADFS.
6. Microsoft ADFS grants the authenticated user access to the protected resource.
1-step Challenge/Response logon
A user attempts to access a resource protected by Microsoft ADFS, which is configured to use multi-factor authentication with Digipass Authentication for Microsoft ADFS. OneSpan Authentication Server is configured for 1-step Challenge/Response authentication.
Workflow: 1-step Challenge/Response
1. The user attempts to open a protected resource in a web browser and is redirected to ADFS for authentication. A user logon page (including a user ID and password field) is displayed.
2. The user enters the Windows credentials, which are validated against AD (1FA).
3. If Digipass Authentication for Microsoft ADFS is installed and configured as an additional authentication method, Digipass Authentication for Microsoft ADFS requests a server challenge from OneSpan Authentication Server.
4. OneSpan Authentication Server generates a challenge and returns the challenge and the challenge key to Digipass Authentication for Microsoft ADFS.
5. A second logon page is presented, displaying the challenge and requesting a one-time password (OTP).
6. The user generates an OTP based on the presented challenge with the user's authenticator and enters the OTP in the logon page (2FA).
7. OneSpan Authentication Server validates the authentication request including the user ID, the OTP, and the challenge key. If successful, OneSpan Authentication Server generates a claim indicating that the user was successfully authenticated, and returns the claim to Microsoft ADFS.
8. Microsoft ADFS grants the authenticated user access to the protected resource.
2-step Challenge/Response logon
A user attempts to access a resource protected by Microsoft ADFS, which is configured to use multi-factor authentication with Digipass Authentication for Microsoft ADFS. OneSpan Authentication Server is configured for 2-step Challenge/Response authentication.
Workflow: 2-step Challenge/Response
1. The user attempts to open a protected resource in a web browser and is redirected to ADFS for authentication. A user logon page (including a user ID and password field) is displayed.
2. The user enters the Windows credentials, which are validated against AD (1FA).
3. If Digipass Authentication for Microsoft ADFS is installed and configured as an additional authentication method, a second logon page requesting a one-time password (OTP) is displayed. The form on this page is generated by Digipass Authentication for Microsoft ADFS.
4. Unlike Response-Only logon, the user needs to type a keyword in the OTP field. Digipass Authentication for Microsoft ADFS then sends an authentication request with the user ID and keyword to OneSpan Authentication Server.
5. OneSpan Authentication Server generates a challenge and returns the challenge and the challenge key to Digipass Authentication for Microsoft ADFS.
6. A second logon page is presented, displaying the challenge and requesting an OTP.
7. The user generates an OTP based on the presented challenge with the user's authenticator and enters the OTP in the logon page (2FA).
8. OneSpan Authentication Server validates the authentication request including the user ID, the OTP, and the challenge key. If successful, OneSpan Authentication Server generates a claim indicating that the user was successfully authenticated, and returns the claim to Microsoft ADFS.
9. Microsoft ADFS grants the authenticated user access to the protected resource.
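The challenge and challenge-key handling shared by the 1-step and 2-step Challenge/Response workflows above, modelled as an added example (not OneSpan or Microsoft code). It assumes the challenge key is an opaque handle to a pending server-side challenge and uses a truncated HMAC-SHA1 as a stand-in for the authenticator's response algorithm, which this page does not describe; `AuthServer`, `compute_otp` and `CHALLENGE_TTL` are hypothetical names.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL = 120  # seconds a pending challenge stays valid (assumed value)


def compute_otp(device_secret: bytes, challenge: str, digits: int = 6) -> str:
    """Stand-in response function: HMAC-SHA1 over the challenge, truncated
    to decimal digits. Not the real authenticator algorithm."""
    mac = hmac.new(device_secret, challenge.encode(), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class AuthServer:
    """Hypothetical model of the server side of the challenge/response steps."""

    def __init__(self, secrets_by_user):
        self._secrets = secrets_by_user  # user ID -> shared device secret
        self._pending = {}  # challenge key -> (user ID, challenge, expiry)

    def request_challenge(self, user_id, now=None):
        """Generate a challenge and the challenge key that refers to it."""
        now = time.time() if now is None else now
        challenge = f"{secrets.randbelow(10 ** 6):06d}"
        challenge_key = secrets.token_hex(16)
        self._pending[challenge_key] = (user_id, challenge, now + CHALLENGE_TTL)
        return challenge, challenge_key

    def validate(self, user_id, otp, challenge_key, now=None):
        """Validate the user ID, the OTP and the challenge key together."""
        now = time.time() if now is None else now
        # pop() makes each challenge single-use, even when validation fails,
        # so a captured OTP cannot be replayed against the same challenge.
        entry = self._pending.pop(challenge_key, None)
        if entry is None:
            return False
        owner, challenge, expiry = entry
        if owner != user_id or now > expiry or user_id not in self._secrets:
            return False
        expected = compute_otp(self._secrets[user_id], challenge)
        return hmac.compare_digest(expected.encode(), otp.encode())
```

Binding the OTP check to the stored user ID, challenge and expiry is what rejects a replayed response, a response presented for another account, and a response to a stale challenge.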
Virtual Mobile Authenticator logon
Virtual Mobile Authenticator can be used as a backup mechanism when users do not have access to their primary authenticators. When using Virtual Mobile Authenticator, the user receives one-time passwords via SMS or email.
Workflow: Virtual Mobile Authenticator
1. The user requests authentication with Virtual Mobile Authenticator by clicking the corresponding button in the Response-Only or 1-step Challenge/Response logon interface.
2. Microsoft ADFS presents a new page requesting a keyword.
3. The user types the keyword to request a Virtual Mobile Authenticator OTP.
4. Digipass Authentication for Microsoft ADFS evaluates the keyword and sends an authentication request with the username and the keyword (as the password) to OneSpan Authentication Server.
5. OneSpan Authentication Server generates a one-time password (OTP) and sends it to the user via SMS or email. Additionally, OneSpan Authentication Server generates a challenge and returns the challenge to Digipass Authentication for Microsoft ADFS.
6. A second logon page is presented displaying the challenge and requesting an OTP.
7. The user enters the OTP previously received in the logon page.
8. OneSpan Authentication Server validates the authentication request. If successful, OneSpan Authentication Server generates a claim indicating that the user was successfully authenticated, and returns the claim to Microsoft ADFS.
9. Microsoft ADFS grants the authenticated user access to the protected resource.