The Identity Portal Settings cover the following sections:

  1. General Settings
  2. My APIKeys
  3. Portal Users
  4. FIDO2 Server Settings

General Settings

The Settings page determines which services and options the Identity Portal offers and displays.

Verified

  • Liveness Default Enabled: enabling forces a liveness check when running a verification transaction through the Identity Portal.
  • Allow Override Liveness Default Enabled: It allows the user to disable the liveness check when running a verification transaction through the Identity Portal.
  • Default Timeout, sec: The timeout for verification transactions initiated through the Identity Portal.

Devices

  • Push Notification Option Enabled: It allows transactions to be sent to a mobile device with the AuthID app installed.
  • Allow Mobile Accounts Registration Enabled: It allows a user to register for a Verified account when completing a transaction through the AuthID app.

Account Lockout Options

  • Enabled: It enables or disables the account lockout options.
  • Max Failed Attempts: Number of unsuccessful attempts before the user's account is automatically disabled.
  • Failed Attempts Timeout, sec: Time during which the number of unsuccessful attempts must occur before the account is deactivated.

Note: Account Lockout

The account lockout logic is common to Biometric and FIDO transactions: the account is locked when the number of retries within the period specified in the Account Lockout settings is exceeded.

Enable Account

Enabling an account lets the user access the platform's features and services. authID, as an authentication and identity management platform, lets administrators manage user accounts effectively and securely.

When the number of retries within the time frame given in the Account Lockout settings is exceeded, the regular Biometric and FIDO transaction logic locks the account.

The account is deactivated, and a corresponding "Reason" is recorded.

Disable Account

Disabling an account in authID restricts that user's access to the platform's features and services; it is a crucial security precaution. Administrators can proactively manage user accounts and reduce potential security concerns with authID's identity management and authentication platform.

  • Using an API filter, an integration can obtain the list of disabled accounts.
  • An account can be enabled (reactivated) with an API call or by an admin action in the Identity Portal.
  • Attempting to create an authentication transaction for a disabled account fails with an error.
  • OIDC Service: When attempting to authenticate with a disabled account through OIDC, an appropriate error message is returned to the client application, and automatic authentication is rejected.
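The lockout behaviour described in the Account Lockout, Enable Account and Disable Account sections, as an added example that is not authID's code: a sliding-window failure counter driven by the three Account Lockout settings, the recorded disable "Reason", rejection of new transactions for a disabled account, and reactivation. Setting and function names are assumptions, as is the exact lock boundary (failures reaching the maximum).

```javascript
// Added example (not authID's code): a sliding-window model of the Account
// Lockout settings described above. Times are in seconds so the window compares
// directly with "Failed Attempts Timeout, sec". Field and function names are assumptions.
const lockoutSettings = {
  enabled: true,                // Enabled
  maxFailedAttempts: 3,         // Max Failed Attempts
  failedAttemptsTimeoutSec: 60, // Failed Attempts Timeout, sec
};

function createAccount(login) {
  return { login, enabled: true, disabledReason: null, failedAt: [] };
}

// Record one unsuccessful Biometric or FIDO transaction (the lockout logic is
// common to both). Returns true when this failure locks the account.
// Assumption: the lock triggers once failures inside the window reach the maximum.
function recordFailure(account, settings, nowSec) {
  if (!settings.enabled || !account.enabled) return false;
  const windowStart = nowSec - settings.failedAttemptsTimeoutSec;
  account.failedAt = account.failedAt.filter((t) => t > windowStart); // drop expired failures
  account.failedAt.push(nowSec);
  if (account.failedAt.length < settings.maxFailedAttempts) return false;
  account.enabled = false; // deactivated, with a "Reason" recorded
  account.disabledReason = `Account lockout: ${account.failedAt.length} failed attempts ` +
    `within ${settings.failedAttemptsTimeoutSec}s`;
  return true;
}

// A successful transaction clears the failure history.
function recordSuccess(account) { account.failedAt = []; }

// Creating an authentication transaction for a disabled account is rejected.
function startAuthTransaction(account, type) {
  if (!account.enabled) {
    return { ok: false, error: "AccountDisabled", reason: account.disabledReason };
  }
  return { ok: true, transactionType: type, login: account.login };
}

// Reactivation by an admin (via an API call or a Portal admin action).
function enableAccount(account) {
  account.enabled = true;
  account.disabledReason = null;
  account.failedAt = [];
}

// The list an API "disabled accounts" filter would return.
const disabledAccounts = (accounts) => accounts.filter((a) => !a.enabled);
```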

Proof

  • Additional Verification Default Enabled: It automatically runs additional document verifications when running a proof transaction through the Identity Portal.
  • Auto Enroll on Proof Success: When a proof transaction run through the Identity Portal succeeds, it automatically creates a Verified account using a concatenated version of the phone number or email address.
  • Default Document Type: The document type selected by default when running a proof transaction through the Identity Portal.
  • Allow Document Types: The configurable list of documents you can use in a proof transaction.
  • Default Timeout, sec: The timeout for proof transactions initiated through the Identity Portal.

Transactions

  • No prefix: (Portal only) Normally, the Identity Portal adds a prefix to designate accounts created via the portal versus accounts created elsewhere. Turning this off removes the prefix from any account going forward.
  • Alternative Contact Method Selection Enabled: It enables adding a new modality of delivery for transactions initiated through the Identity Portal, which only applies to Verified API V2 transactions.
  • Enable Developer Options: Displays basic debugging data after initiating a transaction in the Identity Portal, e.g. request body content, QR codes, and web links to the BioWebApp interface.

Note: Developer Mode

Developer mode prevents the sending of transactions via SMS and email. Instead, the developer receives the URL within the authID Identity Portal.

  • Default Country for Phone Number: The country code to append to a phone number for transactions initiated through the Identity Portal.
  • API Version: (Portal only) dictates whether the portal must use the V2 API.

Upload Logo

On the Settings page, it is possible to upload the customer's logo, which is then displayed at the top of the Identity Portal.

  1. Go to the Settings page.
  2. Click General.
  3. In the Customer Logo field, click Browse and select the appropriate image file.
  4. Once the logo image is selected, click Save; a Success message is displayed.
  5. View the uploaded logo at the top of the Identity Portal page.

My API Keys

Access to the authID Identity Portal is provided using passwordless credentials with cloud biometric authentication for credential recovery. These are user credentials and cannot be used for machine-to-machine API authentication. This is by design.

You can see the API Keys you've previously created and create new API keys using this portal page:


Create a New API Key

  1. Click New API Key. The New Portal User API Key screen displays.
  2. Enter the description.
  3. Select the expiration date from the calendar.
  4. Click Add APIKey.
  5. The portal displays the newly generated API Key ID (External ID) and Value. Capture both before navigating away, since the Identity Portal does not retain them.
  6. Copy the External ID and API Key Value from the created API Key, then click the close icon.
  7. The API Key Details screen displays.
  8. By default, the Manage API Key screen shows the key as Enabled.
  9. To disable the API Key, click the radio button, provide the Disabled Reason, and click Apply Changes.
  10. Once created, the API Key is listed under the Available API Keys screen.

Delete the API Key

To delete the API Key:

  1. Click Delete API Key.
  2. A confirmation pop-up, Delete Information, displays.
  3. To confirm the deletion, click OK.
  4. To abandon it, click Cancel; the portal returns to the API Key Details screen.

Portal Users

Portal Users are the users granted access to a specific portal or web-based application. This access is usually granted based on user roles, permissions, or other criteria defined by the organization or system administrator.

Create a New User

  1. Navigate to Settings -> Portal Users.
  2. Click New User.
  3. Enter the email ID.
  4. Enter the name.
  5. Enter the user login.
  6. Enter a new password.
  7. Automatic password delivery to Email: if the admin selects Yes, the password is emailed to the user; if the admin selects No, it is not sent.
  8. Choose the Password expiration date (UTC).

Note: Password Lifetime is given in days; 0 means the password never expires.

  9. Enter the description.
  10. From the drop-down, select the appropriate roles.
  11. To enable the new user, click Yes.
  12. To disable the new user or an existing user, click No and provide a disabled reason.
  13. Click Save Changes. The user is created.

Search Portal User Database

Users can search the Portal User Database for specific details using the following search criteria:

  • User Login: displays the logged-in user name.
  • Email: email ID of the logged-in user.
  • Enabled: to enable the logged-in user.
  • Disabled: to disable the logged-in user.
  • Include Deleted Users: if Yes, deleted users are displayed; if No, they are not.
  • Search: click to run the search.
  • Reset All: clears all the filled fields.

FIDO2 Server Settings

Along with support for all FIDO2-compliant passkeys, the Identity Portal now provides the ability to set global overrides for your FIDO2 enrollment or authentication transactions.

These settings are found under the Settings > FIDO2 blade in the Identity Portal. Below is a screenshot showing the options available to override:


Override Global Default

Override settings are required for each FIDO2 transaction if the user wishes to change the defaults.

User Enrollment

The following settings apply to FIDO2 enrollment transactions.

Allowed Authenticator Type

  • All: Instructs the browser to accept all forms of authenticators. When this option is turned on, the user can enroll either cross-platform authenticators, such as external security keys, or platform authenticators, such as phones and desktop computers.
  • Platform: Instructs the browser to allow the enrollment of a platform authenticator only.
  • Cross-platform: Instructs the browser to allow the enrollment of an external authenticator only.

User Attestation

  • None: The FIDO server will not request metadata attestation from the authenticator.
  • Direct: Conveys the authenticator's AAGUID and attestation statement, unaltered, to the Relying Party.
  • Indirect: The client MAY replace the AAGUID and attestation statement with a more privacy-friendly and/or more easily verifiable version of the same data (for example, by employing an Anonymization CA).

User Verification

These values are today ignored by most devices and, despite what the server says, are overridden to required. They apply only to custom CTAP clients.

Register with Resident Key

  • Not Required: The authenticator will generate a non-resident key.
  • Required: The authenticator will generate a resident key. Generally, when this is enabled the user is not asked for a username.

For more information refer to FIDO2 - Enroll

User Authentication

The following settings apply to FIDO2 authentication transactions.

User Verification

These values are today ignored by most devices and, despite what the server says, are overridden to required. They apply only to custom CTAP clients.

Relying Party ID

This is the domain with which users register their FIDO2 passkeys. It must match the location where the transaction is being hosted. For example, if you are hosting the FIDO2 enrollment on example.com, you must set the Relying Party ID to that value. Be sure to include the protocol, e.g. HTTPS.

For more information refer to FIDO2 - Enroll
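How the User Enrollment and User Authentication settings above translate into the WebAuthn options a browser receives, as an added example that is not authID's code: the WebAuthn field names are the standard ones, while the setting names and the portal-to-field mapping are assumptions made for illustration.

```javascript
// Added example (not authID's code): how the FIDO2 Server Settings described
// above map onto the WebAuthn options handed to the browser. The WebAuthn field
// names are real; the setting names and the portal-to-field mapping are assumptions.
const ATTACHMENT = { All: undefined, Platform: "platform", "Cross-platform": "cross-platform" };
const ATTESTATION = { None: "none", Direct: "direct", Indirect: "indirect" };
const UV = new Set(["required", "preferred", "discouraged"]);
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Build PublicKeyCredentialCreationOptions for a FIDO2 enrollment transaction.
function buildCreationOptions(settings, rp, user, challenge) {
  if (!has(ATTACHMENT, settings.allowedAuthenticatorType)) throw new Error("bad authenticator type");
  if (!has(ATTESTATION, settings.attestation)) throw new Error("bad attestation");
  if (!UV.has(settings.userVerification)) throw new Error("bad userVerification");
  const authenticatorSelection = {
    // Most devices ignore this and behave as "required"; it matters only for custom CTAP clients.
    userVerification: settings.userVerification,
    residentKey: settings.residentKeyRequired ? "required" : "discouraged",
    requireResidentKey: settings.residentKeyRequired, // legacy boolean kept for older clients
  };
  // "All" leaves authenticatorAttachment out so platform and cross-platform keys may both enroll.
  const attachment = ATTACHMENT[settings.allowedAuthenticatorType];
  if (attachment) authenticatorSelection.authenticatorAttachment = attachment;
  return {
    challenge, // BufferSource generated server-side per transaction
    rp: { id: rp.id, name: rp.name }, // Relying Party ID must match the hosting domain
    user: { id: user.id, name: user.name, displayName: user.displayName },
    pubKeyCredParams: [{ type: "public-key", alg: -7 }, { type: "public-key", alg: -257 }],
    attestation: ATTESTATION[settings.attestation],
    authenticatorSelection,
    timeout: 60000,
  };
}

// Build PublicKeyCredentialRequestOptions for a FIDO2 authentication transaction.
// With a resident key, allowCredentials stays empty: the authenticator finds the
// credential for rpId itself, so the user is not asked for a username.
function buildRequestOptions(settings, rpId, challenge, allowCredentials = []) {
  if (!UV.has(settings.userVerification)) throw new Error("bad userVerification");
  return { challenge, rpId, userVerification: settings.userVerification, allowCredentials, timeout: 60000 };
}
// In the browser: navigator.credentials.create({ publicKey: buildCreationOptions(...) })
```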