About the ActivID Authentication Portal

The ActivID Authentication Portal acts a Single Sign-On (SSO) service provider (SP) that provides federated, strong, versatile authentication to end users.

It enables users to authenticate to protected resources in a federated network using multiple and extensible methods.

Users are redirected from a Service Provider to the ActivID Authentication Portal to perform authentication. Standardized integration with the ActivID Authentication Portal is possible with either SAML or OpenID/OAuth2.

The ActivID Authentication Portal:

  • Provides a way for Service Providers to specify the context of authentication requests, that is, registration, regular access, privileged access, or emergency access.
  • Supports multi-factor authentication (MFA) where one authentication policy requires another authentication policy to be enforced first.
  • Accepts authentication requests coming from Service Providers (or Relying Parties) or OAuth 2.0 Client applications that are known and trusted by the identity provider.
  • Allows end users to reset their passwords without needing to contact their help desk.

  • Supports multiple domains.

  • Can be both re-branded and localized.

When the user is successfully authenticated, the ActivID AS (the identity provider) provides an assertion to the SP a security token or an authorization code to the relying party (RP).

The ActivID Identity Provider (IdP) Solution can serve as an identity provider for the following:

  • SAML SPs:
  • SAML v2 is an XML-based protocol that uses security tokens containing assertions to pass information about a user between an identity provider and a web service provider.

    As an open standard, SAML enables SPs to delegate the authentication process of their end users to a trusted third party, called the Identity Provider. A Service Provider can be an online banking website, a cloud-based enterprise solution, an internal enterprise web application, or a VPN gateway. Using this model, multiple SPs can rely on a single identity provider to federate (centralize) authentication, authorization, and auditing services.

  • OpenID client applications:
  • The ActivID IdP Solution leverages the ActivID AS OAuth/OpenID Connect API to issue JSON tokens for client registration and authentication.

    This API exposes the authentication and authorization RESTful endpoints added to the ActivID AS server that comply with standard Oauth 2.0 and OpenID Connect protocols.

Supported Authentication Policies

The authentication policies supported by the ActivID Authentication Portal are associated with GUI templates. The following table lists the GUI templates associated with the authentication policy.

Authentication Policy GUI Templates

Static Password

(Employee Static Password)

  • Username/Password

  • Seeded Username Password

LDAP Password

(LDAP Fallback/Passthrough)

  • LDAP Username Password

Security Questions and Answers

(Employee Emergency Q&A)

  • Question/Answers

  • Seeded Question/Answers

OOB Authentication (Out of Band)

(Employee OOB Authentication)

  • One-Time-Password (synchronous)

  • OOB One-Time Password

  • Mail OTP

    To be used for second step tiered-authentication. It does not require an Activation code, the OTP is sent by mail.

  • SMS OTP

    To be used for second step tiered-authentication. It does not required an Activation code, the OTP is sent by SMS.

One-Time-Password

(Employee One Time Password)

  • One-Time-Password (synchronous)

  • Challenge Response (asynchronous)

PKI Authentication

(Citizen PKI Authentication)

  • Public Key Infrastructure

  • Auto Public Key Infrastructure

EMV Authentication

  • Public Key Infrastructure

  • Transaction signing

Mobile push-based Logon Validation

  • TDS Push

Legacy template for Push-Based Authentication support.

It performs user Static Password authentication, then push-based authentication.

  • Push-Based Authentication

To be used for second step tiered-authentication (for example, with Static Password as the first step authentication).

FIDO U2F authentication

FIDO device authentication

To be used for the second step of a tiered-authentication deployment (for example, with Static Password as the first step authentication).

See Authentication Methods for further details about the authentication methods supported by ActivID AS.

See Customize the User Authentication Process for information about creating customized GUI templates and authentication process templates.

See also:

Sample Deployments for SAML-Based Single Sign-On Services

Configuring the ActivID Authentication Portal