Authentication Profile
An authentication profile enables many types of user authentication solutions. You can design simple or sophisticated journeys to enable users to onboard, authenticate and securely gain access to your systems. Authentication profiles enable user authentication at scale, including the use of security standards to federate with other organizations and subsystems.
Getting Started#
To get started, Create an Authentication Profile in the Admin UI. Then, navigate to Authentication Service → General to view profile-wide settings.
Authentication Profile Concepts#
More generally, each user authentication solution results in a pipeline that composes some of the following system components. This toolbox and its separation of concerns provides flexibility that enables you to meet your deeper requirements.
The below links provide further details about the key concepts of the authentication profile:
Configuration
To work with an authentication profile you use a configuration that defines authentication endpoints and the security settings used for authentication.
Lifecycle
A user authentication journey runs as a pipeline. When it completes, the browser’s SSO session is updated. The session can reference delegations for multiple clients and multiple users.
Authenticators
An authenticator is an extensible interface to enable users to perform login-related operations. There are a number of built-in authenticators and you can also provide custom implementations.
Authentication Actions
Authentication actions enable the manipulation of attributes during authentication flows. You can plug in any custom data, logic or forms to customize and control the user journey.
Authenticator Filters
Authenticator filters can be used when there are multiple authenticators to present to the user. Filters allow you to run custom logic that dynamically removes one or more authenticators.
Account Multi-tenancy
In B2B2C deployments you can create multiple authentication profiles, where each represents a customer organization. User accounts for each organization are partitioned by a tenant_id stored in a tenant-aware data source.
Account Linking
The authentication profile can use account linking to quickly identify a user from an external identity provider (IDP)‘s subject identifier. Account linking uses account domains to mark authenticators that belong together.
Standalone Integration with Federation Servers
The authentication profile can perform standalone integrations with federation servers. That capability enables legacy applications that act as service providers to integrate with the Curity Identity Server.
Geolocation
The authentication profile can use geolocation to enable adaptive authentication based on geographical data. Geolocation can prevent logins from untrusted locations or dynamically update the user’s authenticator.
Learn More#
To get started with an authentication profile, implement some use cases that use its two main building blocks:
Use Authenticators
The Authenticators page explains more about the authenticator interface, which is a key behavior for verifying the user’s identity.
Use Authentication Actions
The Authentication Actions page explains more about the authentication action interface, which is a key behavior for manipulating user attributes.