Digipass OTP devices are physical OTP devices from OneSpan. Airlock IAM supports the activation and reactivation of inactive Digipass OTP devices by the end-user in a protected self-service. Since protected self-services are only accessible after successful authentication by the end-user, this process can help minimize the risk of potential misuse.
This article describes how a corresponding flow in the Loginapp REST API.
- As a result:
- Administrators can ship deactivated Digipass OTP devices to the end-user.
- Tampering with an inactive Digipass OTP device, e.g. during shipping, is impossible. The end-user first needs to log in to activate the new device via a protected self-service.