About the ActivID Authentication Portal
The ActivID Authentication Portal acts as a Single Sign-On (SSO) authentication service: the user-facing front end of the ActivID identity provider (IdP). It provides federated, strong, versatile authentication to end users.
It enables users to authenticate to protected resources in a federated network using multiple, extensible methods.
Users are redirected from a Service Provider (SP) to the ActivID Authentication Portal to perform authentication. Standardized integration with the ActivID Authentication Portal is possible with either SAML 2.0 or OpenID Connect/OAuth 2.0.
The ActivID Authentication Portal:
- Provides a way for Service Providers to specify the context of an authentication request, that is, registration, regular access, privileged access, or emergency access.
- Supports multi-factor authentication (MFA) through tiered policies, where one authentication policy requires another authentication policy to be enforced first.
- Accepts authentication requests only from Service Providers (or Relying Parties) and OAuth 2.0 client applications that are known to and trusted by the identity provider.
- Allows end users to reset their passwords without needing to contact their help desk.
- Supports multiple domains.
- Can be both re-branded and localized.
When the user has been successfully authenticated, the ActivID AS (the identity provider) returns a SAML assertion to the SP or, for OAuth 2.0/OpenID Connect, a security token or an authorization code to the relying party (RP).
The ActivID Identity Provider (IdP) Solution can serve as an identity provider for the following:
- SAML SPs
- OpenID Connect client applications
SAML 2.0 is an XML-based protocol that uses security tokens containing assertions to pass information about a user between an identity provider and a web service provider.
As an open standard, SAML enables SPs to delegate the authentication of their end users to a trusted third party, the Identity Provider. A Service Provider can be an online banking website, a cloud-based enterprise solution, an internal enterprise web application, or a VPN gateway. Using this model, multiple SPs can rely on a single identity provider to federate (centralize) authentication, authorization, and auditing services.
The ActivID IdP Solution leverages the ActivID AS OAuth/OpenID Connect API to issue JSON-formatted tokens for client registration and authentication.
This API exposes the authentication and authorization RESTful endpoints added to the ActivID AS server, which comply with the standard OAuth 2.0 and OpenID Connect protocols.
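The redirect flow described above (the RP sends the user to the IdP, gets an authorization code back, then receives a token), worked through from the relying party's side as an added example. This is not ActivID code and does not call its API: the issuer, endpoint path, client identifier and redirect URI are placeholders, the `acr_values` string is a hypothetical way of naming the requested authentication context, and the ID token is HS256-signed with a constructed client secret so the example runs offline (real deployments normally verify RS256 signatures against the IdP's published JWKS). Every check in `parse_callback` and `verify_id_token` is one a relying party must perform before trusting the login.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholders for the demo; real values are deployment-specific.
IDP_ISSUER = "https://idp.example.com"
IDP_AUTHORIZE = IDP_ISSUER + "/authorize"        # assumed endpoint path
CLIENT_ID = "example-sp"
REDIRECT_URI = "https://sp.example.com/callback"
CLIENT_SECRET = b"constructed-client-secret-for-demo"   # HS256 key, offline demo only


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def pkce_challenge(verifier: str) -> str:
    """RFC 7636 S256 transform: BASE64URL(SHA-256(code_verifier))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorization_request(acr_values: str = "privileged-access"):
    """Return the redirect URL and the per-request secrets the RP must keep server-side.

    acr_values is how an OIDC client asks for a particular authentication context;
    the value used here is hypothetical, an IdP defines its own context names."""
    state = b64url(secrets.token_bytes(16))
    nonce = b64url(secrets.token_bytes(16))
    verifier = b64url(secrets.token_bytes(32))
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "state": state,                    # ties the callback to this browser session (CSRF defence)
        "nonce": nonce,                    # ties the ID token to this request (replay defence)
        "code_challenge": pkce_challenge(verifier),
        "code_challenge_method": "S256",   # never "plain"
        "acr_values": acr_values,
    }
    session = {"state": state, "nonce": nonce, "code_verifier": verifier}
    return IDP_AUTHORIZE + "?" + urlencode(params), session


def parse_callback(callback_url: str, session: dict) -> str:
    """Extract the authorization code, refusing the response unless state matches."""
    query = parse_qs(urlparse(callback_url).query)
    if "error" in query:
        raise ValueError("IdP returned error: " + query["error"][0])
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state, session["state"]):
        raise ValueError("state mismatch: response was not initiated by this session")
    return query["code"][0]


def mint_id_token(claims: dict, key: bytes = CLIENT_SECRET) -> str:
    """IdP side for the demo: an HS256-signed JWT (production IdPs normally use RS256 + JWKS)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, (header + "." + payload).encode("ascii"), hashlib.sha256).digest()
    return header + "." + payload + "." + b64url(sig)


def verify_id_token(token: str, session: dict, now=None) -> dict:
    """Verify the signature and the claims OIDC Core 3.1.3.7 requires before trusting the login."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed JWT")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":       # pin the expected algorithm; never accept alg=none
        raise ValueError("unexpected alg")
    expected = hmac.new(CLIENT_SECRET, (header_b64 + "." + payload_b64).encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]
    if claims.get("iss") != IDP_ISSUER:
        raise ValueError("wrong issuer")
    if CLIENT_ID not in aud:
        raise ValueError("token not issued to this client")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if not hmac.compare_digest(str(claims.get("nonce", "")), session["nonce"]):
        raise ValueError("nonce mismatch")
    return claims


if __name__ == "__main__":
    url, sess = build_authorization_request()
    code = parse_callback(REDIRECT_URI + "?code=SplxlOBeZQQYbYS6WxSbIA&state=" + sess["state"], sess)
    # The IdP would validate code + code_verifier at its token endpoint, then issue the ID token:
    token = mint_id_token({"iss": IDP_ISSUER, "aud": CLIENT_ID, "sub": "alice",
                           "nonce": sess["nonce"], "exp": int(time.time()) + 300, "acr": "privileged-access"})
    print(verify_id_token(token, sess)["sub"])
```

The `code_verifier` kept in the session is what the RP sends to the token endpoint together with the code; the `acr` claim in the returned ID token is where an RP can confirm that the context it asked for (here, privileged access) is the one the IdP actually enforced.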
Supported Authentication Policies
The authentication policies supported by the ActivID Authentication Portal are associated with GUI templates. The following table lists the GUI template associated with each authentication policy.
Authentication Policy | GUI Template |
---|---|
Static Password (Employee Static Password) | |
LDAP Password (LDAP Fallback/Passthrough) | |
Security Questions and Answers (Employee Emergency Q&A) | |
OOB Authentication (Out of Band) (Employee OOB Authentication) | |
One-Time Password (Employee One Time Password) | |
PKI Authentication (Citizen PKI Authentication) | |
EMV Authentication | |
Mobile push-based Logon Validation | Legacy template for push-based authentication support. It performs user Static Password authentication, then push-based authentication. To be used as the second step of a tiered authentication (for example, with Static Password as the first-step authentication). |
FIDO U2F authentication | FIDO device authentication. To be used as the second step of a tiered-authentication deployment (for example, with Static Password as the first-step authentication). |
See Authentication Methods for further details about the authentication methods supported by ActivID AS.
See Customize the User Authentication Process for information about creating customized GUI templates and authentication process templates.