
Authentication methods

Authentication methods determine how users can enroll and authenticate when accessing applications.

📄 See User Enrollment and Authentication

As an administrator, you can define which authentication methods are visible to and usable by users. You can also customize the name, logo and description of each method so that users can clearly tell the methods apart when selecting one.

Authentication methods in TrustBuilder are grouped into two categories: internal and external.

  • Internal: managed by TrustBuilder

    • Built-in: Trustbuilder Authenticator Web, Mobile and Desktop, Security keys (Trustbuilder FIDO2).

    • Custom: application relying on TrustBuilder SDK.

  • External: based on third-party Identity Providers (IdP).

Enable / Disable authentication methods

For each authentication method, use toggles to enable or disable authentication and registration:

Allow authentication

Controls whether users can authenticate using the authentication method.

  • ENABLED → users can use the method to authenticate, if allowed by the authorization policy.

  • DISABLED → users cannot use the method to authenticate.

Allow registration

Controls whether users can register the authentication method.

  • ENABLED → users can register the method.

  • DISABLED → users cannot register the method.

This is only available for internal methods. For external methods, the authentication methods are directly registered on the IdP.

Add an authentication method

TrustBuilder allows you to add internal and external authentication methods.

Internal authentication method

Internal authentication methods are maintained by TrustBuilder. To add a custom authentication method embedding Trustbuilder SDK:

  1. Go to Authentication > Authentication Methods.

  2. Click + Add an internal authentication method.

  3. Select the application type:

    • Trustbuilder Authenticator - mobile for a mobile app integrating the Trustbuilder mobile SDK,

    • Trustbuilder Authenticator - web for a page integrating the Trustbuilder web SDK.

  4. For Trustbuilder Authenticator - mobile, select the operating system(s) (Android and/or iOS) and the associated Custom Application (see Custom Applications).

  5. Optional - Select the login portal used for user authentication. By default, the Trustbuilder login portal is selected; otherwise, select the custom login portal embedding the Trustbuilder Authenticator SDK (see Custom Applications).

  6. Customize the user-facing content:

    1. Display Name: Label shown on the button. It should be clear and user-friendly.
      Max 50 characters

    2. Description: Optional text under the display name, giving users additional information.
      Max 120 characters

    3. Logo: Icon shown on the button.

    4. Preview authentication button: Preview of what users will see at authentication method selection.

  7. Click Add.
    The custom internal authentication method is successfully created.

  8. You can configure the authentication level of this authentication method:

    1. Click on the three-dots icon > Manage > Technical details tab.

    2. Select the authentication level associated with this method. This is used in authorization policies.
      ⚠️ If you rename an authentication level, the change will not be automatically reflected here. You will need to reselect the authentication level. It is recommended to define a stable name when creating it.

External authentication method

External authentication methods rely on third-party Identity Providers (IdP).

  1. Go to Authentication > Authentication Methods.

  2. Click + Add an external authentication method.

  3. Configure the authentication method:

    Authentication method information

    • Identity Provider: Select the Identity Provider of the authentication method.
      An IdP can support multiple authentication methods, but each method must have a different authentication context (see below).

    Authentication Level

    • Authentication level: Select the authentication level associated with this method.
      This value is used in authorization policies.

    • Authentication context in External IdP: Select the authentication context to indicate what TrustBuilder expects from the external IdP:

      • None (default): No context expected.

      • Authentication Context Class Reference (ACR): the expected security level.
        Example: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport

      • Authentication Methods References (AMR): the expected authentication factors.
        Examples: pwd (password), mfa (multi-factor), otp (one-time passcode)

      The IdP returns what it applied during authentication, and TrustBuilder checks whether it matches its expectations.

    Customize authentication method

    • Preview end-user button: Preview of what the user will see when selecting the method.

    • Logo: Icon shown on the button.

    • Name: Label shown on the button. It should be clear and user-friendly.
      Max 50 characters

    • Description: Optional text under the display name, giving users additional information.
      Max 120 characters

  4. Click on Add.

The external authentication method is successfully created. You can now configure its authentication level.
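
The authentication context check described above (the IdP reports what it applied, and the result is compared with what was expected) can be illustrated as follows. This is an added example, not TrustBuilder code: the function names, the constructed sample claims and the matching rules (exact match for ACR, every expected value present for AMR, fail closed when the claim is missing) are assumptions.

```python
# Added example, not TrustBuilder code. `claims` stands for the claims of an
# ID token whose signature, issuer and audience were already validated.

ACR_PWD = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"


def _amr_values(claims):
    """Return the reported amr values as a set, or None if absent/malformed."""
    amr = claims.get("amr")
    if isinstance(amr, str):          # tolerate IdPs that send a single string
        amr = [amr]
    if not isinstance(amr, list) or not all(isinstance(v, str) for v in amr):
        return None
    return set(amr)


def context_matches(mode, expected, claims):
    """Compare the IdP-reported context with the configured expectation.

    mode: "none", "acr" or "amr" (mirrors the three options on this page).
    expected: ACR string for "acr"; one AMR value or a list for "amr".
    Assumed semantics: ACR must be equal; every expected AMR value must be
    reported. A missing or malformed claim fails closed.
    """
    if mode == "none":
        return True
    if mode == "acr":
        acr = claims.get("acr")
        return isinstance(acr, str) and acr == expected
    if mode == "amr":
        wanted = {expected} if isinstance(expected, str) else set(expected)
        reported = _amr_values(claims)
        return reported is not None and bool(wanted) and wanted <= reported
    raise ValueError(f"unknown context mode: {mode!r}")


# Constructed sample responses from a hypothetical IdP.
SAMPLES = {
    "password_only": {"sub": "alice", "acr": ACR_PWD, "amr": ["pwd"]},
    "password_otp": {"sub": "bob", "amr": ["pwd", "otp", "mfa"]},
    "no_context": {"sub": "carol"},
}

if __name__ == "__main__":
    for name, claims in SAMPLES.items():
        print(name,
              context_matches("acr", ACR_PWD, claims),
              context_matches("amr", ["mfa"], claims))
```

With an expectation configured, a response that carries no context at all ("no_context") is rejected rather than accepted by default.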

Edit an authentication method

  1. Go to Authentication > Authentication Methods.

  2. Click on the three-dots icon then Manage.

  3. Switch between tabs to configure parameters.

  4. Click on Save changes.

Delete an authentication method

  1. Go to Authentication > Authentication Methods.

  2. Click on the three-dots icon of the authentication method to delete.

  3. Click on Delete.

  4. Click on Yes, delete to confirm.

The external authentication method is successfully deleted.

This authentication method will be permanently deleted. It will no longer be available in your authorization policies and users relying on it exclusively will be unable to sign in.
