Skip to main content
Skip table of contents

Authentication methods

Authentication methods determine how users can enroll and authenticate when accessing applications.

📄 See User Enrollment and Authentication

As an administrator, you can define which authentication methods are visible and usable by users. You can also customize name, logo and description to ensure clarity during user authentication method selection.

Authentication methods in TrustBuilder are grouped into two categories: internal and external.

  • Internal: managed by TrustBuilder

    • Built-in: Trustbuilder Authenticator Web, Mobile and Desktop, Security keys (Trustbuilder FIDO2).

    • Custom: application relying on TrustBuilder SDK.

  • External: based on third-party Identity Providers (IdP).

Enabling / Disabling authentication methods

For each authentication method, you can use toggles to enable/disable the enrollment and authorization:

  • Enrollment: controls whether users can register the authentication method.

    • ENABLED → users can enroll using this method, if allowed by the enrollment policy.

    • DISABLED → users cannot enroll using this method.

  • Authorization: controls whether users can use the authentication method for authorization. Authorization is the OAuth2 concept defining in which conditions you can gain access to a specific resource.

    • ENABLED → users can use this method to authenticate, if allowed by the authorization policy.

    • DISABLED → users cannot use this method to authenticate.

Enrollment is only available for internal methods. For external methods, the authentication methods are directly enrolled on the IDP.

Add an authentication method

TrustBuilder allows you to add internal and external authentication methods.

Internal authentication method

Internal authentication methods are maintained by TrustBuilder and can be linked to a TrustBuilder mobile application.

  1. Go to Authentication > Authentication Methods.

  2. Click + Add an internal authentication method.

  3. Select Trustbuilder Authenticator mobile.

  4. Configure the authentication method:

Parameter

Description

Link mobile applications

OS

Select the supported operating system(s): Android and/or iOS.

Application source

Select the Custom Application associated with this authentication method.

This application must have been previously created in Applications > Custom Applications.

Customize authentication method

Preview end-user button

Preview of what the user will see when selecting the method.

Logo

Icon shown on the button.

Name

Label shown on the button. It should be clear and user-friendly.

Max 50 characters

Description

Optional text under the display name, giving users additional information.

Max 120 characters

  1. Click Add.

The internal authentication method is successfully created.

External authentication method

External authentication methods rely on third-party Identity Providers (IdP).

  1. Go to Authentication > Authentication Methods.

  2. Click + Add an external authentication method.

  3. Configure the authentication method:

Parameter

Description

Authentication method information

Identity Provider

Select an the Identity Provider of the authentication method.

An IdP can support multiple authentication methods but each method must have a different authentication context (see below).

Authentication Level

Authentication level

Select the authentication level associated with this method. The authentication level represents the strength of the method.

  • AAL1 – Basic (example: password only)

  • AAL2 – Medium (example: password + OTP)

  • AAL3 – High (example: FIDO2 key)

This value is used in authorization policies.

Authentication context in External IdP

Select the authentication context to indicate what TrustBuilder expects from external IdP:

  • None (default): No context expected.

  • Authentication Context Class Reference (ACR): the expected security level.
    Example: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport

  • Authentication Methods References (AMR): the expected authentication factors.
    Examples: pwd (password), mfa (multi-factor), otp (one-time passcode)

The IdP returns what it applied during authentication and TrustBuilder checks if it matches its expectations.

Customize authentication method

Preview end-user button

Preview of what the user will see when selecting the method.

Logo

Icon shown on the button.

Name

Label shown on the button. It should be clear and user-friendly.

Max 50 characters

Description

Optional text under the display name, giving users additional information.

Max 120 characters

  1. Click on Add.

The external authentication method is successfully created.

Edit an authentication method

  1. Go to Authentication > Authentication Methods.

  2. Click on the three-dots icon then Manage.

  3. Switch between tabs to configure parameters.

    • Note that for internal authentication methods:

      • some parameters cannot be edited

      • the authentication method name can differ from the display name.

      • there is an enrollment settings tab for security keys

  4. Click on Save changes.

Delete an authentication method

  1. Go to Authentication > Authentication Methods.

  2. Click on the three-dots icon of the authentication method to deleted.

  3. Click on Delete.

  4. Click on Yes, delete to confirm.

The external method authentication method is successfully deleted.

This authentication method will be permanently deleted. It will no longer be available in your authorization policies and users relying on it exclusively will be unable to sign in.

 

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close