Note on authentication before activation/migration

The self-service can be made available without prior form-based authentication for requests with HTTP Basic Auth headers. This makes sense in scenarios where the self-service is used internally to enable OneSpan (Vasco) Digipass tokens (for later use from external networks). To enable this, set the property "Migration Via Basic Auth" totrue.

Note that this implies the following:

  • HTTP Basic Auth headers are required in the request.
  • Username and password need to be sufficient for authentication prior to OneSpan (Vasco) Digipass token activation
  • The main authenticator (before activating the OneSpan (Vasco) Digipass token) needs to accept username and password (and no other token)

Enabling the feature Migration Via Basic Authmeans, that users are only authenticated with username and password to activate the OneSpan (Vasco) Digipass token.

It is not a good idea to register a second factor (the OneSpan (Vasco) token) given only weak authentication (username and password). Therefore the feature should only be used in suitable scenario as the one described above (token activation from internal network to enable strong authentication for later use from external network).