Dynamic User Registration (DUR) Using a Back-End System for Authentication

For this operation to succeed, the following administrative tasks should be performed in OneSpan Authentication Server:

To configure OneSpan Authentication Server for Dynamic User Registration (DUR) using a back-end system for authentication

1. Import software authenticators.

2. Define a provisioning policy with the following settings:

   • Policy > Local Authentication: DIGIPASS/Password during Grace Period or DIGIPASS or Password
   • Policy > Back-End Authentication: If Needed
   • Policy > Back-End Protocol: Windows, RADIUS, or Custom Name
   • User > Dynamic User Registration: Enabled
3. Register client application.
4. Assign the policy previously defined to the registered client application.
5. Define users.

For more information about performing these tasks, see the OneSpan Authentication Server Administrator Guide.

For more information about supported provisioning scenarios, see the OneSpan Authentication Server Product Guide.

To execute this operation, the registered client application needs to send a provisioningExecute SOAP command to OneSpan Authentication Server, where the value for the cmd element is PROVISIONCMD_REGISTER.

At a minimum, this SOAP command requires the following set of field attributes to perform this operation:

• PROVFLD_STATIC_PASSWORD
• PROVFLD_USERID
• PROVFLD_COMPONENT_TYPE

For more information about the required and optional attributes for this command, see SOAP provisioning.

A client application that uses the DP4Web Provisioning Sample Client component type will typically send the following SOAP command to register user test1 for this provisioning scenario:

<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:prov="http://www.vasco.com/IdentikeyServer/IdentikeyTypes/Provisioning">
  <soapenv:Header/>
  <soapenv:Body>
    <prov:provisioningExecute>
      <cmd>PROVISIONCMD_REGISTER</cmd>
      <attributeSet>
        <attributes>
          <valuexsi:type="xsd:string">233655275246515E5336245456302C2D55335D5720455A2952335C5254475A53</value>
          <attributeID>PROVFLD_ALEA</attributeID>
        </attributes>
        <attributes>
          <valuexsi:type="xsd:string">DP4Web Provisioning Sample Client</value>
          <attributeID>PROVFLD_COMPONENT_TYPE</attributeID>
        </attributes>
        <attributes>
          <valuexsi:type="xsd:string">test1</value>
          <attributeID>PROVFLD_USERID</attributeID>
        </attributes>
        <attributes>
          <valuexsi:type="xsd:string">passwd</value>
          <attributeID>PROVFLD_STATIC_PASSWORD</attributeID>
        </attributes>
      </attributeSet>
    </prov:provisioningExecute>
  </soapenv:Body>
</soapenv:Envelope>

In this example, OneSpan Authentication Server will verify the specified user's password (i.e. passwd) with the configured back-end system before generating an activation code.