OneSpan Authentication Server Setup Wizard

The OneSpan Authentication Server Setup Wizard guides you through the configuration of several basic OneSpan Authentication Server settings. These settings include the master domain, an administrator account, hardware security module configuration, and secure auditing.

OneSpan Authentication Server Settings

Figure: OneSpan Authentication Server Setup Wizard – IDENTIKEY Authentication Server Settings page

Enter the name of the master domain to be used, and, optionally, select the Case Sensitive User IDs / Domain Names checkbox.

At this stage you have the option to enable a hardware security module (HSM) and secure auditing. For more information about these features, refer to the OneSpan Authentication Server Appliance Product Guide.

You cannot disable/enable HSM and/or secure auditing settings after completing this wizard. To do so, you need to reset to the factory defaults.

Secure Auditing

If you selected secure auditing on the first screen of the OneSpan Authentication Server Setup Wizard, you will see the Secure Auditing page.

Figure: OneSpan Authentication Server Setup Wizard – Secure Auditing page

• Epoch Length in Lines. Each epoch ends after the specified number of lines has been written to the secure audit data store.
• Epoch Length in Seconds. Each epoch ends after the specified time (in seconds) has elapsed.

The secure auditing setup depends on whether you have any HSM enabled. If you have an HSM enabled, encryption settings will be stored on that HSM (see Secure auditing with a hardware security module (HSM)).

If HSM support is not enabled, then you need to configure a secure auditing key pair. If you choose Install my own keypair, you will need to upload this file in the PEM format to OneSpan Authentication Server Appliance. You will also be asked to provide the matching master audit keystore passphrase.

Secure auditing for OneSpan Authentication Server Appliance only supports elliptic curve keys that are NIST P-256–compliant and stored in the PKCS12 format.

HSM Configuration

If you have installed a hardware security module (HSM), you can configure it for use here. For more information about using an HSM, refer to the OneSpan Authentication Server Appliance Product Guide.

Before starting, ensure that the license for OneSpan Authentication Server Appliance includes HSM functionality.

For more information about setting up information required to populate the fields on this page, see Hardware security module setup. The procedures described in that section must be performed BEFORE attempting this screen!

Figure: OneSpan Authentication Server Setup Wizard – Hardware Security Module page

OneSpan Authentication Server Admin User

Enter a user name to be used as the following:

1. The first administrator for OneSpan Authentication Server.
2. An administrator logon for the Configuration Tool.

Enter and confirm a password. The password format must comply with the OneSpan Authentication Server password strength rules. For more information about password strength rules, refer to the OneSpan Authentication Server Appliance Product Guide.

Figure: OneSpan Authentication Server Setup Wizard – Administrative User page

Completing Configuration

Once the details have been provided on the OneSpan Authentication Server Setup Wizard screens, OneSpan Authentication Server will be configured with the minimum details allowed for first time use.

Figure: OneSpan Authentication Server Setup Wizard – Ready to Configure page

Figure: OneSpan Authentication Server Setup Wizard – Configured page