Identity Cloud

OneSpan Auth Generate VOTP node

This node generates and delivers a virtual one-time password (VOTP) through the delivery method configured in the node if there’s a VIR10 authenticator assigned to the user.

This node first retrieves user data, then loops through the authenticator list to verify if the user is assigned a VR10 authenticator. If the user has been assigned a VIR10 authenticator, the node triggers the Generate VOTP API.


Product Compatible?

ForgeRock Identity Cloud


ForgeRock Access Management (self-managed)


ForgeRock Identity Platform (self-managed)



This node requires the following inbound data:

Description Attribute name Source


As specified in the property

Shared state

Password (optional)

As specified in user attributes

Transient state

User attributes

As specified in the property

Shared state


To use this node, you should have already set up Identity Cloud integration with OneSpan, as mentioned in Set up, and enabled user authentication through an OneSpan VIR10 authenticator.


The configurable properties for this node are:

Property Usage

IAA Domain

The domain in which the user account resides. In a sandbox, the domain is the same as your tenant name.

User Name In SharedState

The key parameter in shared state that represents the OneSpan IAA username.

VDP Delivery Method

The mode in which VOTP is delivered. The available values are SMS, Email, Voice, and Default.

User Attributes

Supplementary information for registration in the key-value pair form:

  1. Click Add.

  2. In the Key field, enter the JSON attribute as defined in API schema.

  3. In the Value field, enter the name of the shared state attribute.

     For example, given a pair such as `emailAddress` : `"emailAddress"`, the node
    searches for the first occurrence of the key `emailAddress` in the shared state,
    and adds a pair `emailAddress` : `"valueInSharedState"` to the OneSpan API payload.

To edit an entry, click its pencil icon ().

To remove an entry, click its delete icon ().


This node adds the User Attributes values to the OneSpan API payload.



VOTP sent successfully in the delivery mode configured.

  • An error message with the key ostid_error_message is output to the shared state.


If this node logged an error, review the log messages for the transaction to find the reason for the exception.


OneSpan Genetrate VOTP

This example describes an authentication journey which generates VOTP to authenticate a user:

  1. In the initial login page, the user enters their username and the required VDP delivery information, such as their virtual email or phone number.

  2. The OneSpan Auth Generate VOTP node then generates and delivers the VOTP.

  3. The OneSpan Sample Attributes Collect node accepts the VOTP for validation.

  4. The OneSpan Auth User Login node invokes the User Login API, to validate the user’s login. Depending upon the outcome, it appropriately directs the further authentication flow.

  5. If an error is encountered, the OneSpan Sample Error Display node displays the error.

Copyright © 2010-2024 ForgeRock, all rights reserved.