March 2022

Setting a static password during online activation is now optional. This allows passwordless use of the system and prevents your customers from being exposed to static passwords. With this, expiring passwords no longer cause issues, e.g. because of locked user accounts.

The product documentation that describes the registration and authenticator activation flow has been updated in the OneSpan Cloud Authentication Integration Guide.

In OneSpan Cloud Authentication, policies specify various login settings which can affect how a user can log in to a specific site, and how the login is handled by OneSpan Cloud Authentication. The policies that govern the OneSpan Cloud Authentication authentication operations have now been documented here: Authentication policies. These articles aim to facilitate the understanding of the possibilities and limitations of OneSpan Cloud Authentication.

OneSpan Cloud Authentication uses the Transport Layer Security (TLS) protocol. Documentation on the required TLS settings is now available at Configuration of TLS settings. Ensure to observe the specified requirements for your integration of OneSpan Cloud Authentication.

It is possible to create metadata statements that are not unique, e.g. create two or more metadata statements with the same tenant and AAGUID (FIDO2) or AAID (FIDO UAF). This leads to issues with registration and authentication operations since OneSpan Cloud Authentication throws uniqueness errors.

Status: This issue has been fixed. Only unique metadata statements can now be used.

For orchestration errors, OneSpan Cloud Authentication logs important messages incorrectly on lower log levels. Therefore, the messages are not visible. Also, in some cases, the tenant information is not included.

Status: This issue has been fixed.