Authentication Service

The Authentication Pipeline

The Curity Authentication Service powers centralized authentication, removing the pain of determining who the user is from your apps. It allows for customized authentication flows and comes with many ready-made authentication methods and actions. It enables many use cases, you can see a few below:

A multitude of use cases

Customized authentication flows with many ready-made authentication methods and actions

Login

Authenticator

Username & Password

Facebook

Actions

Prompt

Terms and Conditions

Curity Identity Server enables multiple authentication methods (authenticators), connected to various databases. After verification of the user’s credentials, single actions or entire workflows may run with or without user interaction. All of this is configurable to specific clients and use cases.

Authenticators

There are many possible ways to authenticate users. The Curity Identity Server supports a long list of established authentication methods, you can also build your own using our SDK.

+25 Ways to Authenticate

Actions

Authentication Actions allows you to orchestrate what happens after the credentials are verified but before the session is committed. In other words. the user has been validated, but the system hasn’t yet produced an authenticated session, which later can be used for Single Sign-On etc.

Actions are executed in the configured order so they can be chained and depend on each other. They can look up information in databases, prompt the user for more information or run other activities to ensure proper authentication and a secure login.

Curity Admin UI

Data Source

Directly transform values coming various data sources.

JavaScript

Write small JavaScripts that transform data in the authentication context.

Resolve Linked Account

Replace a foreign username/domain used at login with a linked username.

Auto Link Account

Creates a link between a foreign incoming account from the authenticator to the local account.

Lookup Linked Accounts

Finds all associated links for a local account.

Sequence

Combine a number of actions and represent them as a single action, allowing you create more complex flows.

Switch

Create workflows and execute different actions based upon on conditions.

Multi-factor Condition

Run additional authenticators depending on the context of a specific user log-in.

Remove Attribute

Allows you to remove one (or many) of the incoming attributes at authentication.

Reset Password

Prompts the user to update their password.

Require Attrbute

Checks the subject attributes, and if a required attribute is not found, the user will be prompted to fill the missing attributes.

Regex

Create regex-expressions that transforms names and values during the authentication process.

Extend Curity

Build your own Authenticators and Actions using our Java SDK.

Learn more on the Developer Portal

Multi-factor Authentication

Curity not only enables two factor authentication, but advanced multi-factor possibilities by chaining authentication methods as needed. Being the most advanced multi-factor framework available, Curity lets you chain any number of authentication methods in any order, to create a strong and user friendly login experience.

A common scenario is to combine username/password with a second factor such as an SMS to a phone, a keyfob or an app. This reduces the risk of accounts being compromised due to password theft.

Something you know
Something you have
Something you are

Curity lets you combine any factors.

Branding

With the Curity Identity Server the customer never leaves your organization’s brand. The user-facing screens can be tailor made to match your needs. If your organization has several brands this can also be embedded and used depending on where the user is. The templating system enables an overlay possibility of existing templates with your choice of colors, logos and fonts. It is possible to completely style the look and feel. You can mix and match with built-in and custom templates as needed.

Move seamlessly between mobile apps and websites

Single sign-on (SSO) between apps and secure backend access.

Let the user navigate seamlessly between mobile apps and websites in the mobile browser without having to re-authenticate. Using OpenID Connect, Curity Identity Server has built in support for single sign-on between mobile apps and mobile web-pages.

User Self-Service

Define how users create accounts, reset passwords and link multiple accounts during authentication. Self-service is about enabling theusers to handle the accounts themselves. Did the user forget the password, or wants to register a new phone? Allowing the user to perform these actions during authentication is a great way to improve user experience and increase usage of your services!

User self-service greatly reduces the support burden imposed by authentication and registration. All changes are stored in your own user repository, which can be integrated via SCIM, SQL, LDAP or your own API

Single Sign-On (SSO)

Enable seamless access between your websites.

Establish single sign-on all across your websites and mobile apps by simply configuring the ready-made Curity Authentication Service. Deciding which authentication methods that shall be used under which circumstances grants a low-friction access to your services.

Single Page Applications

Embed single sign-on on your Angular website or other single page applications (SPAs) with secure iframing. The assisted token flow in Curity makes the iframing work seamlessly and enables your website developers to easily implement login.

https://single-page-app.io

Login

Ways to Authenticate

The Curity Identity Server supports many ways to connect your OAuth and OpenID Connect enabled clients and APIs with proper authentication methods, stylised with your own look-and-feel. With the Curity SDK you can also build your own authentication method in an easy way, and the new method will be configured and used exactly like the built-in ones: