OneSpan Intelligent Adaptive Authentication (IAA) helps drive down fraud, improve customer experience, and meet compliance requirements by combining our powerful OneSpan Cloud Authentication (OCA) and Risk Analytics (RA) service. By analyzing vast and disparate data acquired from user actions, device integrity, and transaction data in real time, the end-user can be dynamically presented with the appropriate authentication level for the current session or transaction.
Watch this video to learn how OneSpan intelligent adaptive authentication works.
OneSpan Auth Tree Nodes work in tandem with ForgeRock Access Management (AM) 7.3 and ForgeRock Identity Cloud.
OneSpan Adaptive Authentication provides hosted solutions to test and build web and mobile applications for login and transaction signing flows.
Integration with OneSpan Adaptive Authentication is incredibly simple and extensible, as it will support future authentication technologies without the need to change anything in your integration code.
OneSpan intelligent Adaptive Authentication uses a 'trusted device' (e.g. a mobile phone using the OneSpan Mobile Security Suite SDKs to provide strong multi-factor authentication whenever the risk associated with an action is high.
OneSpan Adaptive Authentication evaluates the risk related to an end-user request through vast data collected from the devices which is then scored with a sophisticated machine-learning engine. Depending on the risk, OneSpan Adaptive Authentication can dynamically adjust the end-user security requirements by requesting step-up authentication for higher risk transactions using various configurations of device-based, PIN-based, fingerprint-based, or face recognition-based authentication as needed to fully secure transactions.
As important components of Adaptive Authentication, OneSpan Cloud Authentication (OCA) and Risk Analytics (RA) can also be leveraged as stand-alone services.
With OCA, OneSpan offers a comprehensive solution for strong authentication in the Cloud, integrating Push Notification and Secure Channel operations.
OneSpan Auth Tree Nodes facilitates developers to integrate with below OCA use cases:
User Authentication
- With static password
- With offline one-time password (OTP)
- Secure Channel-based
- Push Notification-based
- FIDO-based
Transaction Data Signing
- Offline signing
- Secure Channel-based signing
- Push Notification-based signing
- FIDO-based signing (UAF only)
OneSpan Risk Analytics (RA) leverages the latest machine learning and sophisticated data modeling. It analyzes data in real time to produce a transaction risk score. The risk score can then drive intelligent workflows that trigger immediate action based on pre-defined and/or customer-defined security policies and rules.
The combination of intelligent automation and risk scoring streamlines processes and helps prevent account takeover, new account fraud, and mobile fraud.
In below sections, we will showcase you how to configure the Risk Analytics Presentation Service where you can monitor and design rules, factors & actions to prevent various types of fraud attack and to manage risks for corporate banking applications across multi-channels.
Download the current release here.
Copy the jar file to the "../web-container/webapps/openam/WEB-INF/lib" folder where AM is deployed, then restart the AM. The nodes will be available in the tree designer.
Below sections only give you a brief introduction to get started. For more detailed descriptions, refer to the completed guide.
For OneSpan IAA & RA Users:
-
Create an OneSpan Developer Community account.
-
Once logged in the community portal, you'll be able to create an OneSpan IAA Sandbox account.
-
Set up a mobile application integrated with the Mobile Security Suite. As an easy start up, you can install the OneSpan IAA Demo App on your phone.
-
Configure the Risk Analytics Presentation Service service.
For OneSpan OCA Users:
-
Create an OneSpan Developer Community account.
-
Once logged in the community portal, you'll be able to create an OneSpan IAA Sandbox account.
-
Install a mobile application which acts as the Digipass authenticator. You can follow either of below two options:
- To customize and build your own Mobile Authenticator Studio (MAS) app. As a quick start, you can download a sample MAS app through our demo site.
- Download “OneSpan Mobile Authenticator” from Google Play or Apple Store.
The OneSpan Auth Tree Nodes contains 1 Auxiliary Service, 16 nodes, and 4 demo nodes which will only be used for testing purpose.
The node provides a realm-specific service named "OneSpan Configuration", where allows you to specify the OneSpan IAA common configurations.
Below sample trees help you to address the most common use cases. Before start, make sure you've followed below steps:
(1) Add the "OneSpan Configuration" service.
(2) Reproduce below sample trees using either of below two methods:
-Manually create a new tree following the design and remain all the settings default.
-Import the JSON files under the "/sample" folder. (3) If you are testing with IAA Sandbox environment, your IAA domain is the same as your tenant name, update it in corresponding journeys and nodes.
1. OneSpan IAA User Register
2. OneSpan IAA User Login
3. OneSpan IAA Validate Transaction Event
4. OneSpan IAA Validate Non-Monetary Event
5. OneSpan IAA VOTP User Register
6. OneSpan IAA VOTP User Login
7. OneSpan OCA Offline User Registration and Digipass Activation
8. OneSpan OCA User Login with one-time password (OTP)
9. OneSpan OCA User Login with Challenge/Response (CR)
10. OneSpan OCA Offline Transaction Data Signing
11. OneSpan RA Insert Transaction
In this section, we will use the OneSpan IAA user register authentication for example and showcase you how the authentication nodes works in action.
To start off the authentication process, hit below link in your browser:
https://{your_instance_url}/am/XUI/?realm=alpha&authIndexType=service&authIndexValue=OneSpan-Adapative-Authentication-User-Register-Sample-Tree
You will be prompt to input the username and password. (Password should include at least one lowercase, one uppercase, one number, 8 digits in length, and doesn't include part of the username for any 3 characters)
Once the Risk Analytics has accepted the user registration, the IAA service creates a Digipass user account and awaits for a trusted device to activate the license with an activation token, which is rendered as a visual code.
Launch the AAS Demo App, click the "SCAN" button and use the camera to scan the above visual code. Once the code was detected, the app will prompt you to enter a 6 digits security pin twice. After completion the registration process, the demo app will jump to the user page and the browser will be redirected to the success URL.
Log onto your IRM system and navigate to SUPERVISE & INVESTIGATE > Latest Events, you will find the user register process has been logged by the system with necessary information.
