HIGHLIGHTS
OneSpan Authentication Server is a centralized authentication server offering strong authentication and validation of transaction signatures. It verifies authentication requests from individuals trying to access the corporate network or business applications.
The solution adds additional security measures to standard username/password logins across a wide range of servers and services. This stops unauthorized logins, even when passwords have been compromised. OneSpan Authentication Server is ideally suited for large and small enterprise network security implementations, application security, and online banking security.
- Can be used out of the box or integrated with existing infrastructure
- Designed to fit the needs of organizations of any size
- Easy to install, manage, and support
- Easy to integrate in existing infrastructure
- Efficient tools for helpdesk staff
- Robust and easily expandable with users and applications
- Cronto® technology ensures an easy and convenient user experience
- Smooth migration, updates, and maintenance
OneSpan Authentication Server is a comprehensive, centralized, and flexible authentication platform designed to deliver complete authentication lifecycle management via a single, integrated system.
It offers secure and seamless access to a variety of corporate resources and (banking) applications, from SSL VPNs to cloud-based apps. It supports OneSpan's entire range of authentication solutions, and simplifies authentication management for both administrators and end users.
"OneSpan Authentication Server has an excellent high available design structure, an auto enrolment feature and is fully integrated with Windows Active Directory and Radius services. Together with the web based administrator interface, these features ensure that system administrators are able to work in a transparent and straightforward manner."
Strong, two factor authentication
The combination of OneSpan Authentication Server and Digipass® provides strong user authentication and greater security than static passwords, which expose the organization to data breaches. OneSpan Authentication Server provides a turnkey solution that can be rapidly implemented and operational.
User-friendly transaction validation
OneSpan Authentication Server offers highly secure transaction signature validation for banks and financial institutions. Optional features include support for EMV-CAP and Hardware Security Module (HSM) to validate the signature in a secure and tamper-proof environment. By using the latest Cronto technology, users can enjoy the best experience for their online banking by simply scanning a color QR Code to log in or confirm a transaction.
Interoperability at the front-end
OneSpan Authentication Server uses a non-intrusive method of enabling Digipass authentication. It can be integrated using RADIUS, with Microsoft IIS-based applications such as Outlook Web Access, Citrix StoreFront, or Microsoft RDWeb Access, or with any Internet application using SOAP. Additional modules are available for direct plug-in in various third-party systems, such as Juniper SBR and Microsoft ADFS3.0/4.0.
Wide range of supported databases
OneSpan Authentication Server supports a wide range of ODBC-compliant databases for data storage and ships standard with MariaDB. The Digipass related data can be stored with the users in the ODBC database and synced with Windows user information from the Active Directory.
Convenient web-based user interface
All administration functions are available through a web-based user interface, allowing remote administration and creating new opportunities for managed security services providers. End-user support is efficient and easy to manage thanks to a dedicated overview of all functions that are required and used on a daily basis by helpdesk staff. An intuitive SelfManagement Website allows endusers to manage their software and hardware Digipass without helpdesk intervention, thus freeing up admin resources.
Extensive auditing and reporting
The audit console monitors incoming and outgoing events on the OneSpan Authentication Server. Data gathered by the audit console provides critical details necessary to effectively manage a remote access environment. Extensive XML or HTML formatted reporting is provided for help desk troubleshooting, system and security auditing, and accounting purposes.
Fits in any environment
OneSpan Authentication Server is available in the widest range of supported platforms: Windows Server, Ubuntu, and RedHat distributions, VMware, Hyper-V, and Citrix virtual environments, as well as dedicated appliance formats.
The integration went smoothly and quickly. OneSpan’s Professional Services team and the technical team supported the integration well. In addition, the configuration with our NBF Direct online banking application was also done swiftly, thus allowing us to enhance two-factor authentication for our corporate banking customers in a quick and easy way. With this additional layer of security, we have made our customers even happier with NBF’s services and level of customer engagement.
FEATURES
- Supports Digipass two-factor authentication, Cronto QR, and transaction data validation
- Supports Hardware Security Module (HSM)
- Supports RADIUS and Microsoft IIS web server-based clients (Outlook Web Access, Citrix StoreFront, Remote Desktop Web Access)
- Supports Office365 via ADFS3.0/4.0
- Supports Internet hosted applications via SOAP
- Supports wireless protocols & the return of RADIUS attributes
- Validation of Digipass Authentication for Windows Logon for locally connected users, in online and offline mode
- Active Directory integration, ODBC database support
- High availability through server replication and load balancing
- End-user self-management website
- Web-based administration GUI in a single browser window for all administrative functions
- Dedicated dashboard page
- Comprehensive audit system, with storage in a database or text file and an optional live audit viewer
- Activity reporting with output in PDF/XML/HTML format
- SNMP monitoring
- Available as Appliance or Virtual Appliance
COMPLIANCE TO STANDARDS
Radius
- RFC 2865 and RFC 2866
Authentication
- Digipass OTP (challenge / response, response only)
- Digipass Signature (transaction validation)
- OATH (event-based, time-based)
- EMV-CAP
Security
- RFC 8446 (TLS 1.3)
SUPPORTED ENVIRONMENTS
Operating System (Windows version)
- Windows Server 2016, 2019, 2022
Operating System (Windows desktop)
- Windows 10 (1507 / 1607 / 1809 / 21H2 / 22H2)
- Windows 11 (21H2, 22H2, 23H2)
- Windows Server 2016, 2019, 2022
Operating System (Linux version)
- Ubuntu Server 18.04 LTS, 20.04 LTS, 22.04 LTS (64-bit)
- RedHat Enterprise Linux version 7.8+, 8.x, 9.x (64-bit)
- Rocky LInux 8/9
Virtual Images
- VMWare ESXi Server version 5.5, 6.0, 6.5, 6.7
- Citrix XenServer 6.2, 6.5SP1, 7.0
- Microsoft Hyper-V
Supported Web Servers
- Apache Tomcat version 9.0..90
- IBM WebSphere Liberty / OpenLiberty 23
- WildFly 15+ / Jetty 9.4
Should include Java: JRE11, JSP2, JS2.4
Supported Web browsers
- Google Chrome, Microsoft Edge, Mozilla Firefox
The Administration Web Interface supports all browser versions currently supported by the respective vendors
Data Store (DBMS)
- Oracle 19c (64-bit, Linux, Windows)
- Microsoft SQL Server 2014, 2016, 2017, 2019, and 2022 with AlwaysOn Support (Windows)
- MariaDB 10.11.5 (Linux, Windows)
LDAP Back End Authentication
- Windows Server 2016 AD, 2019 AD, 2022 AD
- IBM Security Directory Server 6.3
- Open LDAP 2
HSM
- Thales ProtectServer Gold, Orange, Express
- Thales ProtectServer External 2, Internal-Express 2
- Thales ProtectServer 3
- Entrust nShield Connect XC