
Technical overview

Platform components

The TrustBuilder platform consists of the following components:

  • TrustBuilder.io

  • TrustBuilder.Connect

  • TrustBuilder MFA

TrustBuilder.io is the backbone of the platform and is basically run as Software-as-a-Service. The TrustBuilder.io platform performs policy administration, session lifecycle management, persona lifecycle management, notification management, and provides the basis for analytics and anomaly detection. TrustBuilder.io is cloud-native and is managed by TrustBuilder.

TrustBuilder.Connect provides intimate connectivity with the customer’s own applications and external services. It performs identity verification, user authentication, federation of identification and authentication, and consults with authoritative sources for identity proofing and contextual policy information. The authentication protocols, such as OIDC and SAML, occur directly with TrustBuilder.Connect. It includes a catalog of out-of-the-box connectors.

TrustBuilder MFA offers a patented, proprietary authentication factor for passwordless authentication and transaction signing, and can be used with and without a smartphone.

All functionality of the TrustBuilder platform is made available to the customer through RESTful APIs, implementing an API-first model. This includes the management of policies, configurations and settings, which is also available through the Admin Portal.

A high-level architecture is illustrated below:

The TrustBuilder.io component contains the following repositories:

  1. Policies
    This is the set of declarative policies and rules and access flows. Policies are defined in a declarative way so they can easily be reviewed, audited, and re-used. Its repository is accessible through the /policies API. Its functionality is detailed in Access Management > Defining Security Policies

  2. Configurations
    This contains all configurations, settings, definitions and templates. They are managed in a Git repository for versioning and branching. They are managed through the /config API. Its functionality is detailed in Configuration Guide.

  3. Credentials
    This includes processing and storing traditional username/password, linked authentication factors as well as consents to obtain attributes from identity providers. See Configuration Guide > Connecting Identity Providers

  4. Personas
    This embodies the lifecycle and specific attributes of personas that are linked to a user profile. The unique TrustBuilder personas model enables persona-driven authentication, persona-driven onboarding, and persona-driven policies. Its repository is accessible through the /users API. Its functionality is detailed in Configuration Guide > Working with Personas

  5. Sessions
    This embodies the lifecycle and attributes of user sessions. Thanks to its unique session lifecycle management, TrustBuilder offers Adaptive Authentication in a very natural way. Its repository is accessible through the /sessions API. Its functionality is detailed in Access Management > User Sessions

  6. Tasks
    This records the pending tasks for users to confirm, approve, reject or reset something. This ‘something’ may potentially have been initiated by another user or by a back-end system. Its repository is accessible through the /notifications API. Its functionality is detailed in Configuration Guide > Defining Notifications (available soon)

The TrustBuilder.Connect component is delivered as a private component, managed by TrustBuilder or by the customer. TrustBuilder.Connect is available as an option and is subject to specific commercial agreements. Contact Sales. Its private nature allows it to integrate intimately with back-end applications (e.g. fraud detection), private authoritative sources and external providers. The link from TrustBuilder.io (SaaS) to TrustBuilder.Connect (private) is event-driven and is under security control of the customer.

TrustBuilder.Connect processes and maintains the following data:

  • Workflows
    This repository contains the custom workflows. Using an orchestration framework, a workflow is a series of steps that define an integration process using API calls to back-end applications and external systems. See Configuration Guide > Defining Workflows

Deployment options

TrustBuilder offers the customer a number of deployment options. The first deployment option is the default. The other deployment options are subject to specific commercial agreements. Contact Sales

| Module | Deployment options |
|---|---|
| TrustBuilder.io | Default option: SaaS in TrustBuilder cloud |
| | Option EU Sovereignty: SaaS in TrustBuilder EU-sovereign cloud |
| | Option Self-managed in Private Cloud: Private in customer Google Cloud Platform |
| TrustBuilder.Connect | Default option: Not installed by default |
| | Option Self-managed in Private Cloud: Private in customer Google Cloud Platform |
| | Option Self-managed Docker: Private in Kubernetes or equivalent |
| TrustBuilder MFA | Default option: SaaS in TrustBuilder cloud |
| | Option Self-managed Docker: Private in Kubernetes or equivalent |

When TrustBuilder.io is deployed as SaaS in TrustBuilder cloud, the following types of tenants are made available:

  • Production tenant
    Reflects the tenant connected to your production environment. It is provided with the strong TrustBuilder SLA as it serves end-users in production. This environment is not meant for development, testing, quality assurance or performance test activities except during the initial migration.

  • Non-Production tenant
    A full-feature sandbox environment for testing your integrations and configurations prior to putting them into production.

  • Preview tenant
    A Preview sandbox environment for testing new features of the Preview version. Availability of a Preview tenant for you is subject to specific commercial agreements. Contact Sales

Additional tenants can be requested, subject to specific commercial agreements. Contact Sales

When TrustBuilder.Connect is deployed as Private in TrustBuilder cloud, the following types of instances are made available:

  • Production instance
    Reflects the instance connected to your production environment. It is provided with the strong TrustBuilder SLA as it serves end-users in production. This environment is not meant for development, testing, quality assurance or performance test activities except during the initial migration.

  • Non-Production instance
    A full-feature sandbox environment for testing your workflows, connectors, integrations and configurations prior to putting them into production.

Additional instances can be requested, subject to specific commercial agreements. Contact Sales

When you choose the “Option Self-managed Docker”, please refer to TrustBuilder.Connect installation guide for installation instructions.

The TrustBuilder platform has a number of repositories. In the SaaS and Managed deployments, redundancy, backup, replication and migration of these repositories are taken care of by TrustBuilder. TrustBuilder uses database clustering across multiple datacenters and real-time replication between the instances. TrustBuilder provides the option to add multi-region clustering, which is subject to specific commercial agreements. Contact Sales.

These repositories can also be used to feed Data Analytics platforms.

In “private” deployments, your operations team will need to take care of those functions. To that end, the TrustBuilder platform adopts the following database technologies:

  • MongoDB

  • MySQL
