Bulk Cleanup DIGIPASS wizard

  • Updated on Aug 12, 2025
  • Published on Jul 7, 2025
  • 4 minute(s) read
Prev Next

The Bulk Cleanup DIGIPASS wizard helps you to clean up and purge unused authenticators and authenticator instances based on a clean-up strategy.

The wizard schedules a Bulk Cleanup DIGIPASS server task that processes the authenticator instances in the specified search range.

Available via SERVERS > Bulk Cleanup DIGIPASS.

Before you start the wizard:

  • Ensure that you have administrative access to the OneSpan Authentication Server Administration Web Interface.

  • Ensure that you have the Bulk Cleanup DIGIPASS Data privilege assigned.

Cleanup Strategy

On this page you specify the strategy and search range in the organizational hierarchy to look for unused authenticators and authenticator instances.

Field name

Description

Cleanup strategy

The strategy to determine the items that should be deleted.

Possible values:

  • Instances with reused PNID. Deletes all authenticator instances that have a reused DIGIPASS Push Notification Identifier (PNID) assigned. The PNID is considered reused if another authenticator instance for the same authenticator license exists, which uses the same PNID but has a higher sequence number.

  • Instances without PNID. Deletes all authenticator instances that have no DIGIPASS Push Notification Identifier (PNID) assigned and were never used (last authentication time is not set). The PNID is implicitly set when an authenticator instance is bound to a mobile app. The last authentication time is initially set when the authenticator instance is effectively activated. Having no PNID and no last authentication time set for an authenticator instance, indicates very likely that the activation of that particular instance was not completed.

  • Digipass not used for a specified period. Deletes all authenticators that were not used at least once for a specified number of days (retention period). The usage is determined by the date and time the authenticator was used the last time for a successful authentication. It is only set and updated if the authenticator is assigned and used by the respective user.

Domain

Select the domain that you want to search from the list. This will restrict the search to the specified domain only. Select All Domains to search all accessible domains.

Organizational Unit

Select the organizational unit that you want to search from the list. This will restrict the search to the specified organizational unit only. Select All Organizational Units to search all accessible organizational units. Select No Organizational Unit to search only for users, who are not in any organizational unit.

Search downwards in the organizational hierarchy

Specifies whether the specified organizational unit (OU) and all child OUs should be searched.

Test run

Select this option to run the task but only search for authenticators and authenticator instances that match the strategy without deleting any data. An overview of the items that would be deleted is stored in the status information of the respective server task when completed.

The server task generates a CSV report to provide a complete and detailed summary of the items that would be deleted. That report can be downloaded via the Task Management page. If you set a completion notification to Email, the CSV report is also attached to the notification mail.

DIGIPASS Retention

Use this page to specify the retention period for authenticators.

This page is only available if Cleanup strategy is set to Digipass not used for a specified period.

Field name Description
Retention period in days The time period in days during which an authenticator must be used at least once to be considered active. All authenticators with a last authentication date older or equal than this value will be deleted. The age is calculated relative to the time when the cleanup task is executed.

Schedule Task

Use this page to specify the task mode and the scheduling settings of the task.

Field name

Description

Task mode

Select on which server you wish to run the server task.

Possible values:

  • Any server. The first server that claims the server task will also run it.

  • This server. Only this server will run the server task.

  • All servers. All running servers will run the server task.

Run immediately

Runs the task now. This will lock the Administration Web Interface session. You will not be able to perform other operations until the task has finished.

Schedule

Runs the task in the background without locking the Administration Web Interface session. You will be able to perform other operations in the Administration Web Interface. It will also allow you to schedule and run the task at a later time.

Notify me of completion by

Specifies whether and how to send notifications when completing the task.

Possible values:

  • None

  • Email

  • SMS

Hour

The time for the task to be run in the 24-hour time format.

The format should be hh:mm:ss.

Date

The date for the task to be run.

The format should be YYYY-MM-DD.

Recurrence Type

Specifies whether the task should be run recurrently.

Possible values:

  • None

  • Daily

  • Monthly

Summary

This page shows the result of the server task.

If you run the task immediately and click Next, the page will display a message that the task has been submitted successfully.

If you have scheduled the task, the page will display the schedule details such as start time and notification details. The page will also display a message that the task has been submitted successfully.

Click Finish. You are taken to the Task Management page, where you can verify and manage the server task you have created. You can also download the CSV report with the complete and detailed summary of the items that would be deleted there if you have enabled Cleanup Strategy > Test run.