Authentication methods
Authentication methods determine how users can enroll and authenticate when accessing applications.
As an administrator, you can define which authentication methods are visible and usable by users. You can also customize the name, logo, and description of each method so that users can clearly identify it when selecting an authentication method.
Authentication methods in TrustBuilder are grouped into two categories: built-in and external.
BUILT-IN methods are developed and maintained by TrustBuilder:
TrustBuilder Authenticator Web → browser-based authentication using TrustBuilder browser token.
TrustBuilder Authenticator Mobile → authentication with TrustBuilder Authenticator mobile app.
TrustBuilder Authenticator Desktop → authentication with TrustBuilder Authenticator desktop app.
Security keys → FIDO2-base
EXTERNAL methods are based on third-party identity providers.
Enabling / Disabling authentication methods
For each authentication method, you can use toggles to enable or disable enrollment and authorization:
Enrollment: controls whether users can register the authentication method.
ENABLED → users can enroll using this method, if allowed by the enrollment policy.
DISABLED → users cannot enroll using this method.
Authorization: controls whether users can use the authentication method for authorization. Authorization is the OAuth2 concept that defines under which conditions access to a specific resource is granted.
ENABLED → users can use this method to authenticate, if allowed by the authorization policy.
DISABLED → users cannot use this method to authenticate.
Enrollment is only available for built-in methods. For external methods, the authentication methods are enrolled directly on the IdP.
Add an authentication method
To add an authentication method:
Go to Authentication > Authentication Methods.
Click on + Add authentication method.
Configure the authentication method:
| Parameter | Description |
|---|---|
| Identity Provider | Select the Identity Provider of the authentication method. An IdP can support multiple authentication methods, but each method must have a different authentication context (see below). |
| Authentication level | Select the authentication level associated with this method. The authentication level represents the strength of the method. This value is used in authorization policies. |
| Authentication context in External IdP | If required by the IdP, select the context and provide the value expected by the IdP. |
| Preview end-user button | Preview of what the user will see when selecting the method. |
| Logo | Icon shown on the button. |
| Name | Label shown on the button. It should be clear and user-friendly. Max 50 characters. |
| Description | Optional text under the display name, giving users additional information. Max 120 characters. |
Click on Save changes.
The external authentication method is successfully created.
Edit an authentication method
Go to Authentication > Authentication Methods.
To edit:
a built-in authentication method, click on Manage for the method to configure.
an external authentication method, click on the three-dots icon then Manage.
Switch between tabs to configure parameters.
Note that for built-in authentication methods:
some parameters cannot be edited.
the authentication method name can differ from the display name.
there is an enrollment settings tab for security keys.
Click on Save changes.
Delete an authentication method
Go to Authentication > Authentication Methods.
Click on the three-dots icon of the external authentication method to delete.
Click on Delete.
Click on Yes, delete to confirm.
The external authentication method is successfully deleted.
This external authentication method will be permanently deleted. It will no longer be available in your authorization policies and users relying on it exclusively will be unable to sign in.