Assigning an Authenticator to a User

  • Published on Jul 7, 2025
  • 3 minute(s) read
Prev Next

Assigning an authenticator to a user is possible only if you have the required administrative privileges. You can only assign authenticators that are within your administrative scope.

Before you begin

  • Ensure that you have administrative access to OneSpan Authentication Server Administration Web Interface.
  • Ensure that you have the Assign DIGIPASS privilege assigned.

Assigning an authenticator to a user

The procedure to assign an authenticator varies depending on whether you start from the Digipass tab or from the User tab.

To assign an authenticator from the Digipass tab

  1. Log on to the Administration Web Interface.

  2. Specify the authenticator by doing one of the following:

    • Locating the authenticator using extended search:

      1. Select DIGIPASS > Find/manage.
      2. Specify the search criteria according to your needs.
      3. Click SEARCH.
      4. Select the authenticator in the result list.

    • Locating the authenticator using fast search:

      1. Type the authenticator serial number in the FIND box on the main page.
      2. Select the DIGIPASS radio button.
      3. Click SEARCH.
      4. Select the authenticator in the result list.

  3. Click ASSIGN.

    The Search Users tab of the Assign DIGIPASS wizard is displayed.

  4. Type the user name of the user to whom you want to assign the authenticator and click SEARCH.
  5. Select the user from the result list and click NEXT.

  6. Specify the grace period.

    The grace period expires automatically when a one-time password (OTP) is used to authenticate for the first time, i.e. after the OTP has been successfully validated (if it has not been set manually to expire prior to that in the relevant policy). It also expires after a successful MDL activation, either using an OTP or a signature validation.

  7. Specify the validity start date and time.
  8. Select the date and time the authenticator expires.

  9. If required, specify a checker administrator.

    This is only required if maker–checker authorization is enabled. In that case, type the checker administrator in the Checker box, using the user@domain format.

    Select the Execute the operation automatically after approval checkbox if you want the operation to be executed automatically upon approval by the checker administrator.

  10. Click ASSIGN.

    The assignment result is shown on the Finish tab.

    If maker–checker authorization is enabled, a pending operation is created for this action. Otherwise, the authenticator is assigned.

To assign an authenticator from the User tab

  1. Log on to the Administration Web Interface.
  2. Select USERS > List.

  3. Click on the user ID of the user to whom you want to assign the authenticator.

    The User Properties page is displayed.

  4. Switch to the Assigned DIGIPASS tab.

  5. Click ASSIGN.

    The Search DIGIPASS page of the Assign DIGIPASS wizard is displayed.

  6. Enter the search criteria.
  7. Specify whether you want to search and auto-select the authenticator, or whether you want to manually select the authenticator to assign and click NEXT.

  8. If you selected Search now to select DIGIPASS to assign in the previous step, the Select DIGIPASS tab is displayed. Select the authenticator you want to assign and click NEXT.

    This step is skipped if you selected Search and auto-select during assignment.

  9. Specify the grace period.

    The grace period expires automatically when a one-time password (OTP) is used to authenticate for the first time, i.e. after the OTP has been successfully validated (if it has not been set manually to expire prior to that in the relevant policy). It also expires after a successful MDL activation, either using an OTP or a signature validation.

  10. Specify the validity start date and time.
  11. Select the date and time the authenticator expires.

  12. If required, specify a checker administrator.

    This is only required if maker–checker authorization is enabled. In that case, type the checker administrator in the Checker box, using the user@domain format.

    Select the Execute the operation automatically after approval checkbox if you want the operation to be executed automatically upon approval by the checker administrator.

  13. Click ASSIGN.

    The assignment result is shown on the Finish tab.

    If maker–checker authorization is enabled, a pending operation is created for this action. Otherwise, the authenticator is assigned.

Additional considerations

If an authenticator license used for multi-device licensing (MDL) is assigned, the payload key is automatically regenerated on assignment (including re-assignment to another user).

Additional tasks

  • If maker–checker authorization is enabled, the command is not completed immediately, but must be authorized by another administrator, i.e. the checker administrator (see Approving a pending operation).
  • After the pending operation has been approved by the checker administrator, you can complete it (see Executing an approved pending operation). If you selected the Execute the operation automatically after approval checkbox, the pending operation will be completed automatically on your behalf upon approval by the checker administrator.