Background connections to OneSpan Authentication Server


Digipass Authentication for Windows Logon attempts to open connections to the configured OneSpan Authentication Server instance in the background as soon as it is initialized (or enumerated) by the Windows Logon UI process. It uses this background connection to retrieve initial configuration from the authentication server instance to accelerate subsequent authentication requests.

The Windows Logon UI process enumerates the configured credential providers when a user selects the corresponding tile on the Windows Logon screen. However, depending on the system environment, it can also enumerate the Digipass Authentication for Windows Logon Credential Provider without any user action, such as after a logoff. Because these background connections remain active for a while, this can cause network performance issues in some environments.

If you experience such performance issues, you can attempt to mitigate them by disabling background connections to the OneSpan Authentication Server instances. You can configure the background connection behavior via the following Group Policy setting:

Computer Configuration > Policies > Administrative Templates > OneSpan > Digipass Authentication for Windows Logon > Authentication and Security > Authentication Provider > Disable Background Connection With OAS

The following settings are available:

  • Disable Background Connection With OAS. If you enable this Group Policy setting, the Digipass Authentication for Windows Logon client does not initiate any background connections and only attempts to connect to the authentication server instance in the context of an explicit user action.

    Enabling this setting may significantly increase the time required to complete the logon process in environments where the client experiences connection issues to the authentication server. In such cases, Digipass Authentication for Windows Logon attempts to reconnect until all configured connection retries are used before it proceeds with user authentication, for example, by falling back to offline authentication.

  • Maximum Number of Connection Retry Attempts. This option can only be set if you enable Disable Background Connection With OAS. It specifies how many times the Digipass Authentication for Windows Logon client attempts to re-establish a connection to the authentication server if the initial connection attempt fails while background connections are disabled. It applies only to connection-level failures, for example, network timeouts or unreachable hosts, and is used during user-initiated connection attempts.

    We recommend configuring a low number of retries. In environments where the connection to the authentication server instance is unstable or unreliable in general, excessive retry attempts may cause noticeable delays in the authentication process for end users.

    The total time allowed for all connection attempts is limited to 30 seconds. If the combined duration of all connection attempts exceeds that limit, any remaining attempts will be skipped.