VACMAN Controller

VACMAN Controller is an API-based authentication platform that serves as a backend for DIGIPASS strong authentication and e-signatures.

Unmatched flexibility

VACMAN Controller is capable of processing large volumes of authentication requests and can support mass deployments in a variety of customer interfacing applications. Because this solution natively integrates into your existing infrastructure, it inherits all native features of any pre-existing systems and applications, providing strong security with minimal impact to your existing infrastructure.


Native integration

VACMAN Controller can be customized and integrated into any existing application regardless of the operating system, data model, or architecture. The versatility of this API-based solution makes the entire two-factor security implementation effortless and cost-effective, ensuring the lowest possible impact on existing infrastructure and operations.

Unlimited scalability

VACMAN Controller makes it easy to add more users and/or applications without the need to rebuild the back-end infrastructure. There is no need to deploy and maintain additional or back-up servers.

High availability

With VACMAN Controller API, there is no need to worry about server downtime and service disruptions. Its high reliability ensures that your users can get secure access to the system when they need it.

Highly secure

VACMAN Controller is a single platform with secure key management and provisioning suitable for any security policy: 

  • End-to-end security chain from VASCO manufacturing sites to customers 

  • Initialization secure room with a high level of both physical and logical security 

  • Secure encrypted transport DIGIPASS key file (DPX) with an optional key ceremony for the customer’s security officer(s) 

  • Optional Hardware Security Module (HSM)-compliant solution 

  • Optional hardware DPX file encryption 

  • One-time password and e-signature validation operates inside the HSM No sensitive information exposed outside of the HSM 

  • Compliant with FIPS standards

Low total cost of ownership

VACMAN Controller is designed to accommodate all current and future VASCO authentication and e-signature technologies and devices. This provides your organization with the flexibility to follow new standards and developments in application and network security for virtually any operating system or platform.

VACMAN Controller is a cost-effective solution that leverages your IT investment and provides one centralized platform without any additional requirements for a separate Authentication Server or database. As such, no server farms and dedicated disaster recovery systems are needed.

Integrations with strategic partners

VACMAN Controller is currently integrated into over 100 applications, including those in the portal, single sign-on, and banking markets, among others. Native integration significantly reduces the cost of strong authentication implementation and simplifies back-end deployment and management.

VACMAN Controller is a unique and flexible platform that supports multiple authentication devices and mechanisms. It works with all hardware and software-based DIGIPASS authenticators, as well as with OATH-compliant devices (except VACMAN Controller HSM versions) and EMV-CAP smart cards. When combined with DIGIPASS hardware and software authenticators, VACMAN Controller can provide end-to-end secure online provisioning and management of these authenticators.


The following form factors are supported in every implementation:


  • One-button hardware authenticators

  • PIN-protected hardware authenticators

  • Matrix Cards

  • Software-based solutions (DIGIPASS for Web, DIGIPASS for Mobile, DIGIPASS for C and Java APIAPPS)

  • SMS delivery (Requires integration of an SMS gateway)

  • USB authenticators

  • Smart cards

VACMAN Controller supports a range of authentication modes including:


  • Time- and/or counter-based one-time passwords

  • Time- and/or counter-based Challenge/Response

  • Time- and/or counter-based e-signatures

  • Mutual authentication (between a user and a server)

  • e-signature confirmation code

  • Server-side PIN validation

  • CHAP & Microsoft response Authentication using DIGIPASS dynamic passwords

  • Knowledge-based authentication (secret question & answer scheme)

  • Time- and/or event-based synchronization mechanisms

  • Supports DES/3DES/AES/OATH encryption standards

  • Integrated secure unlocking feature for locked users

  • Centralized credential provisioning mechanism to be used with DIGIPASS for Mobile, DIGIPASS for APPS and DIGIPASS for Web product line.

  • Centralized OTP generation mechanism to offer SMS-based authentication

  • Multi-thread and multi-task aware code

  • On- and offline software-based DIGIPASS provisioning

  • Multi-device licensing based DIGIPASS provisioning


Case Study

Jaiz Bank

Jaiz Bank is a fast growing non-interest banking pioneer in Nigeria. To protect their customers from fraudulent transactions, the leadership of Jaiz Bank mandated the bank’s technology group to evaluate and deploy an appropriate banking security solution. After evaluating various competing 2-factor authentication solutions, Jaiz Bank selected VASCO’s DIGIPASS GO 6 combined with a VACMAN Controller in the back-end.

Product Brief

Authentication Server Framework (VACMAN)

Authentication Server Framework is an API-based authentication platform that serves as a backend for OneSpan’s strong authentication and e-signatures solutions.


VACMAN Controller - Deploying VASCO Authentication - Overview

The VACMAN Controller Deploying VASCO authentication package provides you with all the components necessary to achieve your authentication objectives based upon VACMAN Controller.

Related Products

This website uses cookies to improve user experience, functionality and performance. If you continue browsing the site, you consent to the use of cookies on this website. Note that you can change your browser/cookie settings at any time. To learn more about the use of cookies and how to adjust your settings, please read our cookie policy.