Overview of OneSpan Authentication Trees and Nodes

This authentication tree covers the validation workflow for non-monetary events.

Related demo workflow: Use case scenario: Event validation

This authentication tree covers the validation workflow for monetary events and transactions. If the transaction is evaluated as being risky, a step-up authentication is required.

Related demo workflow: Use case scenario: Transaction validation

This authentication tree covers user login workflows. It collects user data or CDDC data depending on the current session state. This data is evaluated by a custom node to calculate the risk and initiate a step-up login if required.

Related demo workflows: Use case scenario: Login and Use case scenario: Login step-up authentication

This authentication tree covers the user registration workflow. It refers the users to the OneSpan TID IAA Mobile Demo App download page and provides a sign-up form to gather user information required for the TID user registration process. It initiates the registration process, retrieves Cronto images to get activation data, and processes the activation result.

Related demo workflow: Use case scenario: Registration

This node is specifically for OCA use cases.

In a provisioning process, after scanning the second activation password, the authenticator will return the first OTP. This node prompts for that signature and finalizes the activation process.

See node reference (OCA).

This node is specifically for OCA use cases.

In a provisioning process, after scanning the activation password, the authenticator will return its device code. This node prompts for that device code and continues the process.

See node reference (OCA).

This node exposes the OneSpan TID Check Activation Status API, i.e. /registrations/check-status. It can be polled to determine if an authenticator has completed activation.

See node reference (OCA) and node reference (IAA).

This node exposes the OneSpan TID Check Session Status API, i.e. /sessions/{requestID}. It can be used to determine if an authentication process has been completed.

See node reference (OCA) and node reference (IAA).

This node is specifically for OCA Challenge/Response authentications.

It requests a random challenge that will be presented to the user later in the process. The user types it in the authenticator and enters the response in the authentication page.

See node reference (OCA).

This node provides the capability to hide visual codes from the UI if the OneSpan Auth Visual Code node was used in a UI flow before.

See node reference (OCA) and node reference (IAA).

This node can be used for Intelligent Adaptive Authentication and OneSpan Cloud Authentication (OCA) use cases.

It invokes the User Login API (/users/{userID@domain}/login) to validate the end user’s login request. It then returns the result of the authentication attempt.

For Intelligent Adaptive Authentication use cases, the request will further be validated by the Risk Analytics system. If Risk Analytics requires an extra challenge, a multi-factor authentication flow needs to be designed to continue along the Step Up outcome path.

See node reference (OCA) and node reference (IAA).

This node can be used for Intelligent Adaptive Authentication and OneSpan Cloud Authentication (OCA) use cases.

It invokes the User Register API (/users/register) and User Unregister API (/users/{userID@domain}/unregister), which validate and process the registration/unregistration of a user.

See node reference (OCA) and node reference (IAA).

This node invokes the Event Validation API (/users/{userID@domain}/events/validate), which validates a non-monetary event against the Risk Analytics service and the Authentication service. It then returns the validation result.

If Risk Analytics requires an extra challenge, a multi-factor authentication flow has to be designed to continue along the Step Up outcome path.

See node reference (OCA) and node reference (IAA).

This node can be used for Intelligent Adaptive Authentication and OneSpan Cloud Authentication (OCA) use cases.

It invokes the Transaction Service API (/users/{userID@domain}/transactions/validate), which validates monetary transaction requests against the Authentication service and returns the result.

For Intelligent Adaptive Authentication use cases, it further validates the request against the Risk Analytics system. If Risk Analytics requires an extra challenge, a multi-factor authentication flow needs to be designed to continue along the Step Up outcome path.

See node reference (OCA) and node reference (IAA).

This node reads the visual code message from the sharedState object and renders it as a visual code. The end users can scan the image with a mobile app integrated with the Mobile Security Suite SDKs or authenticators with Cronto image support.

The node can be part of a page node or be leveraged independently of the UI flow.

See node reference (OCA) and node reference (IAA).

This node invokes the Risk Analytics Transaction Insertion API (/users/{userID@domain}/transactions/validate), which validates monetary transaction requests against the Risk Analytics system without sending the adaptive authentication request.

This node uses the Client Device Data Collector (CDDC) library to collect the end user’s device fingerprint and browser data. It stores the data in the sharedState object. This information is used later by Risk Analytics to assess the risk of the web session context.

See node reference (OCA) and node reference (IAA).

For demo purposes only. You should not use this node in production environments, but replace it with your own node implementation to obtain the specific attributes in your environment.

This node is used to collect some attributes required for demo transaction workflows.

For demo purposes only. You should not use this node in production environments, but replace it with your own node implementation to handle the errors in your specific environment.

This node parses the OneSpan Trusted Identity platform (TID) API response when an error is received and allows it to be easily displayed in the workflow.

For demo purposes only. You should not use this node in production environments, but replace it with your own node implementation.

This node stores the data that is retrieved after a step-up event (login, transaction or event validation) has been identified. The command string is a very large string returned by the OneSpan Trusted Identity platform (TID) event validation API. This string must be sent to the client authentication device.

In the workflows defined in this demo, the string is stored in a database (specified in this node) and referenced by the session or request ID. The session or request ID is then passed to the next node, which should be the OneSpan Auth Visual Code node in this case. The mobile app is designed to send a request to the database added here by default to look up the command string in the data of the Cronto image.

For demo purposes only. You should not use this node in production environments, but replace it with your own node implementation.

When creating a OneSpan TID Transaction Event, the details of the transaction need to be collected. This node generates a form to collect specific values that are used by the OneSpan Risk Analytics Send Transaction node.