Local Authentication with Historical Shared Secrets

For this operation to succeed, the following administrative tasks should be performed in OneSpan Authentication Server:

To configure OneSpan Authentication Server for multi-device licensing (MDL) user registration using local authentication with a historical shared secret

1. Define a policy with the following settings:

   • Policy > Local Authentication: DIGIPASS/Password during Grace Period or DIGIPASS or Password
   • Policy > Back-End Authentication: None
   • DIGIPASS > Assignment Mode: Auto-Assignment
   • DP Control Parameters > Challenge Check Mode: 0 - No Challenge Check
2. Register the client component.
3. Assign the policy previously defined to the registered client component.
4. Import an authenticator compliant with MDL.
5. Pre-load the user accounts and include static passwords.

For more information about performing these tasks, see the OneSpan Authentication Server Administrator Guide.

To execute this operation, the registered client application needs to send a provisioningExecute SOAP command to OneSpan Authentication Server, where the value for the cmd element is PROVISIONCMD_MDL_REGISTER.

At a minimum, this SOAP command requires the following set of field attributes to perform this operation:

• PROVFLD_STATIC_PASSWORD
• PROVFLD_USERID
• PROVFLD_COMPONENT_TYPE

For more information about the required and optional attributes for this command, see SOAP provisioning.