Cronto authentication (OneSpan)

About Cronto and OneSpan (Vasco)

CrontoSign (short Cronto, sometimes also called PhotoTAN), was initially an authentication method based on 2D color barcodes. It was invented by the British company Cronto and has been integrated into Airlock IAM in 2013 using the Cronto Engine Java library from that company.

OneSpan (Vasco) is a US company offering a variety of authentication products. In 2013, their OneSpan (Vasco) Digipass OTP authentication tokens have been integrated into Airlock IAM, where they were simply referred to as Vasco tokens. This implementation uses the native Vacman Controller library, the server-side software distributed by OneSpan (Vasco).

Later in 2013, Cronto was bought by Vasco and in 2014 the CrontoSign workflow was integrated into the Digipass product line, including the Vacman Controller. Since 2015, Airlock IAM also offers the CrontoSign workflows using the Vacman Controller library, which is compatible with the Digipass integration of CrontoSign. In Airlock IAM, this is referred to as Vasco Cronto.

Therefore, there are two implementations of the Cronto Handler plugin in Airlock IAM, one called Cronto Engine Handler and the other called Vasco Cronto Handler. Their configuration and workflows on the administrator side are very similar, with the major difference being the necessary import of licenses for the Vasco Cronto version (from license files in DPX format). On the customer side, there is no noticeable difference between the two implementations.

In 2018, Vasco changed its name to OneSpan and also changed most of the product names. The IAM documentation still uses the old product names. The products relevant to IAM are listed in the table below.