- 22 Nov 2024
OneSpan Authentication Server Setup Checklist
- Updated on 22 Nov 2024
This topic provides a checklist for the correct GDPR-compliant setup of OneSpan Authentication Server and its components.
OneSpan Authentication Server
- If Basic installation with an embedded MariaDB is selected, ensure that Yes is clicked in the OneSpan Authentication Server Installation Wizard window when asked "to enable encryption".
- If Advanced installation is selected, the database that will be installed must be encrypted adequately:
  - Transparent Data Encryption configured
  - Encrypted communication configured
- SOAP communication interface configured with SSL.
- SEAL communication interface configured with SSL only.
In case a component does not support SSL, the SEAL interface must be configured without SSL. However, to be GDPR-compliant, an encrypted VPN tunnel must be set up to ensure a secure communication flow.
- RADIUS communication interface configured via an encrypted VPN tunnel.
When using auditing:
- Encrypt the database.
- Encrypt the folder or the disk containing the auditing data, or
- If configured, auditing to database only.
- Windows Event Logs folder is encrypted (also on remote machine, if remote logging is enabled).
- Linux syslog folder is encrypted (also on remote machine if remote logging is enabled).
If using tracing or diagnostic log files:
- Configure log file rotation.
When using replication (if configured):
- Temporal database folder or disk storing replication data is encrypted.
- SEAL protocol used for communication with OneSpan Authentication Server is SSL enabled.
Data Migration Tool
- Encrypted VPN tunnel established between Data Migration Tool and OneSpan Authentication Server for the SEAL communication.
This is usually performed in migration mode, which is not a standard operational mode, and is performed before a standard operation of OneSpan Authentication Server. This workaround enables the migration in an unencrypted manner.
If using tracing or diagnostic log files:
- Configure log file rotation.
Digipass Authentication Module
- SOAP protocol used for communication with OneSpan Authentication Server is SSL enabled.
- Trace files are disabled, or tracing folder or disk is encrypted.
LDAP Synchronization Tool
- Secure version of LDAP (LDAPS) is used.
- Verify SSL is selected. With this option, the server TLS/SSL certificate is checked for validity when establishing secure connections via TLS/SSL.
- Trace files are disabled, or tracing folder or disk is encrypted.
If using tracing or diagnostic log files:
- Configure log file rotation.
Message Delivery Component
- SEAL protocol used for communication with OneSpan Authentication Server is SSL enabled in the MDC Configuration Utility.
- Trace files are disabled, or tracing folder or disk is encrypted.
If using tracing or diagnostic log files:
- Configure log file rotation.
If the Email Delivery option is selected:
- Gateway server must be configured to use SSL and TLS encryption.
Password Synchronization Manager
- SEAL protocol used for communication with OneSpan Authentication Server is SSL enabled.
If using tracing or diagnostic log files:
- Configure log file rotation.
Digipass Authentication for Windows Logon
- SOAP protocol used for communication with OneSpan Authentication Server is SSL enabled.
If using tracing or diagnostic log files:
- Configure log file rotation.
DIGIPASS Gateway
- DIGIPASS Gateway is run on an encrypted disk.
Tcl Command-Line Administration tool
- dpadmincmd.xml configuration file has SSL option configured.