Glossary
TrustBuilder MFA glossary
A
Activation Code
Time-limited code that is used to activate a device as a trusted device. There are short codes (9 characters) that have a short lifespan and long codes (20 characters) that have a longer lifespan.
Admin Console
Graphical interface, web browser-based, used by administrators to manage TrustBuilder services.
Account
A user account. The login is the unique identifier of an account.
Active Directory Federation Services (AD FS)
Microsoft solution that extends end users' single sign-on (SSO) access to resources outside the corporate firewall. AD FS manages authentications with a proxy service that is hosted between an Active Directory and the target resource.
API
A system access point or library function that has a well-defined syntax and is accessible from application programs or user code to provide well-defined functionality.
Audit
Detailed list of the activities of an account or an application. Sometimes referred to as Audit Trail.
Authenticator
TrustBuilder Authenticator is an app that generates one-time passwords (OTP), including via push notification. It also has an offline mode.
Authentication
Process of verifying a user's identity as a prerequisite to allowing access to resources or applications.
Offline authentication
Authentication performed when the trusted device cannot connect to a wireless communication channel (e.g. airplane mode, network problems...). Exchanges between the trusted device and the server are therefore impossible.
Online Authentication
Authentication performed when the trusted device can connect to a wireless communication channel. Exchanges between the trusted device and the server are therefore possible.
C
Credential Provider
A trusted entity that issues or registers subscriber tokens and issues electronic credentials to subscribers.
Connector
Technical object connecting a third party application to the TrustBuilder authentication platform by defining the connection characteristics to apply.
D
Device
Possession factor of a user, which allows the user to authenticate. It may be a mobile, a desktop or a web browser for example.
You may also see “device” referred to as “trusted device” or “token”.
E
Enrollment
Enrollment is the process through which an applicant applies to become a user of TrustBuilder services. It can consist of user provisioning and device activation, which uniquely link the user to their authentication means.
F
FCM (Firebase Cloud Messaging)
Firebase Cloud Messaging (FCM) is a cross-platform messaging solution that allows messages and notifications to be sent to Android, iOS and web applications.
FIDO2
FIDO2 (Fast Identity Online 2) is the most recent FIDO Alliance standard. FIDO2 is a collaboration between the FIDO Alliance and the World Wide Web Consortium (W3C). It enables web applications to use strong passwordless authentication mechanisms such as biometrics and security keys.
G
Group Policy Object (GPO)
Microsoft’s Group Policy Object (GPO) is a collection of Group Policy settings that defines what a system will look like and how it will behave for a defined group of users.
H
Helium
Browser token developed by TrustBuilder, supporting long secret codes called “passwords”.
Helium Backup
Browser extension that saves the activation data of the browser token Helium, VA (Virtual Authenticator) and mAccess Web in case the browser data is lost.
Hardware Security Module (HSM)
A physical computing device that safeguards and manages cryptographic keys and provides cryptographic processing. An HSM is or contains a cryptographic module.
I
Identity Provider
The service that serves as a source of identity and that confirms user identity. TrustBuilder may have the IdP role: it authenticates users and returns identity information to the Service Provider.
IWDS
InWebo Directory Sync (IWDS) is a Java application allowing any TrustBuilder service administrator to do bulk creation, modification and deletion of TrustBuilder MFA users and groups, based on input data taken from an LDAP directory or a .csv file.
L
LDAP
LDAP is the Lightweight Directory Access Protocol. This protocol allows clients to perform a variety of operations in a directory server, including storing and retrieving data and searching for data matching a given set of criteria.
Login
The login of an account is unique. It defines the id of an account. The login is required to use TrustBuilder services.
M
mAccess
Component which allows the integration of TrustBuilder MFA features into a mobile application.
mAccess Web
Component which allows the integration of a JavaScript library (simple-neon-lib.js) into a site. This makes it possible to perform simple operations (OTP, activation, PIN or password operations, etc.) with a TrustBuilder service.
Multi-factor Authentication (MFA)
MFA is an authentication method that requires the user to provide two or more verification factors to gain access to a resource. It can be called 2FA when only 2 factors are used.
Microsoft Software Installer (MSI)
File extension. MSI files are used to install programs on Windows operating systems. It can be used to install, uninstall, configure, and update programs on the computer.
O
OpenID Connect (OIDC)
OpenID Connect (OIDC) is an identity layer built on top of the OAuth 2.0 framework. It allows third-party applications to verify the identity of the end-user and to obtain basic user profile information.
One Time Password (OTP)
An OTP is generated by the user’s trusted device after providing the requested authentication factor(s). A successful verification may provide access to a service or validate a transaction.
P
PIN
Personal Identification Number. It is the knowledge factor in a standard TrustBuilder service.
Provisioning
TrustBuilder documentation refers to user provisioning which is the process to create, modify, disable and delete user accounts and their profiles across IT infrastructure and business applications.
Push notification
Also called a push or a server push notification, it is the delivery of information to a device from an application server where the request for the transaction is initiated by the server rather than by an explicit request from the client.
R
RADIUS (Remote Authentication Dial-In User Service)
This is a networking protocol which controls user network access via authentication and accounting. It is frequently used for connecting to a network service, for example in VPN clients.
Remote Desktop Gateway
Remote Desktop Gateway on a server allows remote users to log in to an infrastructure securely.
Role
The role of an account determines if it’s a standard user, a manager or an administrator, and gives it rights on different TrustBuilder objects.
S
SAML
It is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider.
SDK
A “Software Development Kit” is a set of software tools intended for developers, facilitating the development of software on a platform. You can use two SDKs to embed the solution for your use: mAccess for applications, or mAccess Web for a web page.
Sealing
Feature used to retrieve user consent during the authentication process for a specific context / transaction. The validation result can be used as a legal proof.
Secure Site
An application protected by the TrustBuilder MFA.
Security policy
Set of rules defining the maximum number of devices, browsers and mAccess applications a group user will be able to activate.
Selfcare
A group of functions that allows users to manage their account.
Service
A group of users, connectors and security policies for a tenant.
Standard
A service that uses VA, with the possibility of using a PIN or a password.
White label
A type of service enabling more customization of the graphical interfaces, that uses Helium as a browser token and a customizable knowledge factor called ‘password’.
Service Provider (SP)
An individual or entity that provides services, typically the services for which users seek authentication, including web or enterprise applications. The Service Provider requests authentication and identity information about the user.
SIEM
Security Information and Event Management is an approach to security management. It is possible to extract audit logs and use them as input to SIEM software.
T
Tenant
A dedicated and trusted instance of TrustBuilder service. The tenant is created when signing up for TrustBuilder MFA services. A TrustBuilder tenant represents a single organization and consists of at least one service. It is called a customer in administration console V1.
Theme
A theme defines the appearance of components, buttons, and all visual elements of the user interfaces. The TrustBuilder administrator can use the theme editor to customize the look and feel of your end users' graphical interface.
Token
Token embedded in a user's trusted device (possession factor) that enables authentication via TrustBuilder MFA.
You may also see “token” referred to as “device” or “trusted device”.
Trusted Device
Possession factor of a user. It may be a mobile, a desktop or a web browser for example.
You may also see “trusted device” referred to as “device” or “token”.
U
Unlock Code
An unlock code can be used to unlock a PIN, a password or a device that is locked.
User
A TrustBuilder MFA user refers to an individual that has an account in the platform.
V
Virtual Authenticator (VA)
Virtual Authenticator is a 2FA browser token developed by TrustBuilder. It consists of a JavaScript iframe called directly from an HTML page when a user attempts to access a resource protected by TrustBuilder.
W
Windows Logon
TrustBuilder Windows Logon is a feature that allows a user to open a Windows session with TrustBuilder MFA using a mobile Authenticator app.
Acronyms
2FA | 2 Factor Authentication |
AD FS | Active Directory Federation Services |
API | Application Programming Interface |
GPO | Group Policy Object |
FCM | Firebase Cloud Messaging |
HSM | Hardware Security Module |
IdP | Identity Provider |
IWDS | InWebo Directory Sync |
LDAP | Lightweight Directory Access Protocol |
MFA | Multi Factor Authentication |
MSI | Microsoft Software Installer |
OIDC | OpenID Connect |
OS | Operating System |
OTP | One Time Password |
PIN | Personal Identification Number |
RADIUS | Remote Authentication Dial-In User Service |
SAML | Security Assertion Markup Language |
SDK | Software Development Kit |
SIEM | Security Information and Event Management |
SP | Service Provider |
SSO | Single Sign On |
VA | Virtual Authenticator |
VPN | Virtual Private Network |