Identity Cloud

OneSpan Auth VDP User Register node

This node registers users to authenticate using the virtual one-time password (VOTP). You can design a user registration journey with this node on its own. You can also position this node after the OneSpan Auth User Register node. Both IAA and OCA authentication can use VDP delivery.


Product Compatible?

ForgeRock Identity Cloud


ForgeRock Access Management (self-managed)


ForgeRock Identity Platform (self-managed)



This node requires the following inbound data:

Description Attribute name Source


As specified in the property

Shared state

Password (optional)

As specified in user attributes

Transient state

User attributes

As specified in the property

Shared state

This node uses input from OneSpan Auth VDP User Registration node and another node that collects the VOTP delivery method.


To use this node, you should have already set up Identity Cloud integration with OneSpan, as mentioned in Set up.


The configurable properties for this node are:

Property Usage

IAA Domain

The domain in which the user account resides. In a sandbox, the domain is the same as your tenant name.

User Name In SharedState

The key parameter in shared state that represents the OneSpan IAA username.

VDP Delivery Method

The mode in which VOTP is delivered. The available values are SMS, Email, Voice, and Default.

User Attributes

Supplementary information for registration in the key-value pair form:

  1. Click Add.

  2. In the Key field, enter the JSON attribute as defined in API schema.

  3. In the Value field, enter the name of the shared state attribute.

    For example, given a pair such as `emailAddress` : `"emailAddress"`, the node searches for the first occurrence of the key `emailAddress` in the shared state, and adds a pair `emailAddress` : `"valueInSharedState"` to the OneSpan API payload.

To edit an entry, click its pencil icon ().

To remove an entry, click its delete icon ().


If an error occurs, an error message with the key ostid_error_message is output to the shared state.



If the user exists, then this node invokes the Update user API. If the user entry isn’t found, this node invokes the Create a user API.


An error message with the key ostid_error_message is output to the shared state.


This node logs an error message with the key ostid_error_message and the reason why the user registration for VDP wasn’t successful.


If this node logged an error, review the log messages for the transaction to find the reason for the exception.


OneSpan VOTP User Registration

This example describes an authentication journey to register a user for VOTP authentication:

  1. In the initial login page, the user enters their username and the required VDP delivery information, such as their virtual email or phone number.

  2. The OneSpan VDP User Register node determines if there’s an unassigned VIR10 authenticator available in the tenant. It also determines if the user isn’t already assigned a VIR10 authenticator.

  3. If the user hasn’t been assigned a VIR10 authenticator, the OneSpan Auth Assign Authenticator node assigns a VIR10 authenticator to the user.

  4. The OneSpan Sample Error Display node displays if the VIR10 authenticator assignment failed and lets you retry registration.

Copyright © 2010-2024 ForgeRock, all rights reserved.