Multiple authenticators or authenticator applications
  • 16 Jan 2025

Authenticator users can have multiple authenticators assigned to their user accounts. Those authenticators may have multiple authenticator applications enabled. In that case, OneSpan Authentication Server needs to know:

  1. Whether a user is allowed to have multiple authenticator applications assigned.
  2. Which authenticator and authenticator application will be used for a particular logon of the user.

Figure: Multiple authenticator assignments illustrates an example of how authenticators and authenticator applications can be assigned.

Figure:  Multiple authenticator assignments

You can configure whether to allow the use of multiple authenticator applications per user. By default, this setting is enabled.

OneSpan Authentication Server also supports the multi-device licensing and multi-device activation model (see Authenticator licensing and activation).

One authenticator license allows several authenticator instances to be instantiated, all bound to that same license. With regard to the representation of authenticator applications, authenticator instances are no different from authenticators activated in the standard process. OneSpan Authentication Server creates the authenticator instance(s) for a particular license during the multi-device activation process.

Aside from configuring whether multiple authenticator applications per user are allowed, you can also restrict which authenticator application type is allowed for a specific policy. With this kind of restriction, OneSpan Authentication Server verifies OTPs only against that type of authenticator application. For example, if a policy restricts the allowed authenticator applications to Response-Only (RO), OneSpan Authentication Server verifies every OTP only against the RO applications assigned to a user.

When considering whether to allow multiple authenticator applications per user and/or which authenticator applications to allow, see Table: OTP authentication for scenarios with single and multiple authenticator applications. This table explains how OneSpan Authentication Server authenticates OTP from each user account, given various possible scenarios.

Table: OTP authentication for scenarios with single and multiple authenticator applications

| Scenario | User account 1 | User account 2 | User account 3 |
|---|---|---|---|
| Multiple authenticator applications allowed, no policy restrictions on authenticator applications. | OTP is authenticated against all authenticator applications from assigned authenticators. | OTP is authenticated against all authenticator applications from assigned authenticators. | OTP is authenticated against the authenticator application from assigned authenticators. |
| Multiple authenticator applications allowed, only RO applications allowed. | OTP is authenticated only against application 1 of both assigned authenticators. | OTP is authenticated only against application 1 of assigned authenticators. | OTP is authenticated against application 1 of assigned authenticators. |
| Single authenticator applications allowed, no policy restrictions on authenticator applications. | OneSpan Authentication Server detects multiple authenticator applications assigned and immediately fails the logon attempt. | OneSpan Authentication Server detects multiple authenticator applications assigned and immediately fails the logon attempt. | OTP is authenticated against authenticator application from assigned authenticators. |
| Single authenticator applications allowed, only RO applications allowed. | OneSpan Authentication Server detects multiple RO authenticator applications assigned and immediately fails the logon attempt. | OneSpan Authentication Server detects one RO assigned, and authenticates OTP against this application. | OTP is authenticated against authenticator application from assigned authenticators. |
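
The table's outcomes can be reproduced with a small model, added here as an example (it is not OneSpan code and does not call any OneSpan API). The assignments for the three user accounts, the `CR` type label, the outcome strings and all function names are assumptions chosen to match the table rows; the model applies the policy restriction before the single-application check, which is what the last row for user account 2 implies.

```python
# Added illustration: a model of the table's decision logic, not OneSpan code.
from typing import NamedTuple

class App(NamedTuple):
    authenticator: str   # constructed authenticator label
    number: int          # application slot on that authenticator
    kind: str            # "RO" = Response-Only; "CR" is a constructed non-RO label

def select_applications(apps, allow_multiple, allowed_kinds=None):
    """Return (outcome, candidates) for one logon.

    The policy restriction is applied first; the single-application check
    then counts only the applications that survived that filter.
    """
    eligible = [a for a in apps if allowed_kinds is None or a.kind in allowed_kinds]
    if not eligible:
        # Case not covered by the table; reported separately by this model.
        return "no-eligible-application", []
    if not allow_multiple and len(eligible) > 1:
        return "logon-fails", []
    return "verify-otp", eligible

# Constructed assignments chosen to match the table's three user accounts.
USERS = {
    "user1": [App("AUTH-A", 1, "RO"), App("AUTH-A", 2, "CR"),
              App("AUTH-B", 1, "RO"), App("AUTH-B", 2, "CR")],
    "user2": [App("AUTH-C", 1, "RO"), App("AUTH-C", 2, "CR")],
    "user3": [App("AUTH-D", 1, "RO")],
}

SCENARIOS = [
    ("multiple allowed, no restriction", True, None),
    ("multiple allowed, RO only", True, {"RO"}),
    ("single only, no restriction", False, None),
    ("single only, RO only", False, {"RO"}),
]

def evaluate_all():
    """Map (scenario, user) to (outcome, number of candidate applications)."""
    results = {}
    for name, allow_multiple, kinds in SCENARIOS:
        for user, apps in USERS.items():
            outcome, candidates = select_applications(apps, allow_multiple, kinds)
            results[(name, user)] = (outcome, len(candidates))
    return results

if __name__ == "__main__":
    for (scenario, user), (outcome, n) in evaluate_all().items():
        print(f"{scenario:34} {user}: {outcome} ({n} application(s))")
```

Running the same function over an export of real assignments before switching a policy to single-application mode shows which accounts would start failing logon.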

For information about grace periods with multiple authenticators, see Grace period.

