Unassigning an Authenticator

  • Published on Jul 7, 2025
  • 1 minute(s) read
Prev Next

You can unassign an authenticator from the user it has been assigned to. You can also unassign several authenticators at a time.

Unassigning an authenticator is possible only if you have the required administrative privileges. You can only unassign authenticators that are within your administrative scope.

When unassigning an authenticator license of an authenticator compliant with multi-device licensing, the corresponding authenticator instance or instances are automatically deleted. This action is not reversible, i.e. the deleted instances cannot be recovered! Also, an authenticator instance can never be separately unassigned.

Before you begin

  • Ensure that you have administrative access to the OneSpan Authentication Server Administration Web Interface.
  • Ensure that you have the Unassign DIGIPASS privilege assigned.

Unassigning an authenticator

To unassign an authenticator from a user

  1. Log on to the Administration Web Interface.

  2. Specify the authenticator by doing one of the following:

    • Locating the authenticator using extended search:

      1. Select DIGIPASS > Find/manage.
      2. Specify the search criteria according to your needs.
      3. Click SEARCH.
      4. Select the authenticator in the result list.

    • Locating the authenticator using fast search:

      1. Type the authenticator serial number in the FIND box on the main page.
      2. Select the DIGIPASS radio button.
      3. Click SEARCH.
      4. Select the authenticator in the result list.

  3. Click UNASSIGN.

    A confirmation window appears.

  4. If required, specify a checker administrator.

    This is only required if maker–checker authorization is enabled. In that case, type the checker administrator in the Checker box, using the user@domain format.

    Select the Execute the operation automatically after approval checkbox if you want the operation to be executed automatically upon approval by the checker administrator.

  5. Click YES to confirm the operation.

    If maker–checker authorization is enabled, a respective pending operation is created for this action. Otherwise, the authenticator is unassigned.

Additional tasks

  • If maker–checker authorization is enabled, the command is not completed immediately, but must be authorized by another administrator, i.e. the checker administrator (see Approving a pending operation).
  • After the pending operation has been approved by the checker administrator, you can complete it (see Executing an approved pending operation). If you selected the Execute the operation automatically after approval checkbox, the pending operation will be completed automatically on your behalf upon approval by the checker administrator.