Bloc B-Apt 1, Résidence les jasmins. Avenue de Dollar - Les berges du Lac II
-
-
-
Mon - Fri 8.00 am - 6.00 pm
Single Sign-On
Tech info
Why PhenixID Authentication Services?
Benefits
Federation is linking of trust and identities across organizations and for the end user the possibility for Single Sign-On (SSO)
Allows a central point of identity management:
– Enforce strong authentication methods, such as MFA or certificate. Read about the methods here
– Local authentication can be used i.e Active Directory SSO
– Can do context based authentication (internal/external networks, browser type, etc.)
– Restrict access based on group membership, time or days of week, etc.
– No need to manage accounts on remote services when an employee leaves the company.
Standard protocols supported
Please click the following link for the different standard protocols that are supported.
Activate strong authentication
The self enrolment portal for strong authentication is available so the user can enroll to the PhenixID mobile app One Touch. Read more about it here.
Now also available on Apple Watch
FIDO2
- Users can associate their FIDO2 tokens with their organizational userID. The user only needs to activate the FIDO token once (to PhenixID Authentication Services) instead of activating it for every service/application used.
- All services/applications can connect to PhenixID Authentication Services using standard protocols (SAML2, OIDC) to consume FIDO authentication.
- No need for applications/services to develop own FIDO2 support.
Enrollment portal for handling of tokens
- Self-enrollment of FIDO2 tokens
- Self-administration of FIDO2 tokens
- Delegated administration of FIDO2 tokens
Reset/change password
After a successful strong authentication it is possible to allow the user to reset/change their password from PhenixID Password Self Service. Read more about it here.
Identity Provider, IdP
- Responsible for validating user credentials and, optionally, user permissions. The Identity Provider will issue a token with identity data to the protected resource.
Delegated Identity (OIDC)
OpenID Certification
The OpenID Foundation enables organisations to be certified to specific conformance profiles to promote interoperability among implementations.
PhenixID have achieved certifications for these OpenID Provider conformance profiles:
- Basic OP
- Config OP
- Form POST OP
Delegated Access (OAuth)
The purpose of oAuth is delegated authentication where you, the end user, authorizes an application to log in as you to another application without giving out your password.
Identity Mapping
Transforms of a security token from one format to another format, or the federation of an identity from one realm to an equivalent identity in another realm.
Federation Broker
Overview
The main purpose of the federation broker is to:
Facilitate for Service providers (applications)
– One connection point (the broker)
– Multiple identity providers connected to the broker.
– Selection list of connected IdP´s (“Please select the organization you belong to”) is provided by the broker
– Central point for maintaining access rules.
Facilitate for Identity providers (organizations)
– One connection point (the broker)
– Multiple service providers connected to the broker.
PhenixID MyApps
What is MyApps?
MyApps is a portal that displays available apps for me. The application displayed is based on authorization criteria i.e. member of group, specific attribute, IP/geolocation etc.
Single Sign-On
Application icons displayed in MyApps give the user SSO if the application supports federation.
The Solution is built on standards including SAML 2.0, Open IDConnect, ADFS etc.
See how it works
Verify User
Verify Users with a challenge
Verify User for Service Desk
In many case the Service Desk organisation need to help users calling in by phone.
The Verify User application adds an extra security layer so that the service desk personnel can have a higher trust that they are talking to a legitimate user.
The YouTube movie will showcase a scenario where a service desk personnel have a user contact by mobile phone.
Before helping the user, a verification challenge must be correctly answered by the user.
Several verification options can be used depending on the called in users available methods.
The movie will show the web interface for the service desk personnel and the called in users mobile phone.
See how it works
Next Step
Integrations
Product Documentation
