Technical overview
Platform components
The TrustBuilder platform consists of the following components:
TrustBuilder.io
TrustBuilder.Connect
TrustBuilder MFA
TrustBuilder.io is the backbone of the platform and runs as Software-as-a-Service. The TrustBuilder.io platform performs policy administration, session lifecycle management, persona lifecycle management and notification management, and provides the basis for analytics and anomaly detection. TrustBuilder.io is cloud-native and is managed by TrustBuilder.
TrustBuilder.Connect provides close connectivity with the customer’s own applications and external services. It performs identity verification, user authentication and federation of identification and authentication, and consults authoritative sources for identity proofing and contextual policy information. Authentication protocols such as OIDC and SAML are handled directly by TrustBuilder.Connect. It includes a catalog of out-of-the-box connectors.
TrustBuilder MFA offers a patented, proprietary authentication factor for passwordless authentication and transaction signing, and can be used with and without a smartphone.
All functionality of the TrustBuilder platform is made available to the customer through RESTful APIs, implementing an API-first model. This includes the management of policies, configurations and settings, which is also available through the Admin Portal.
A high-level architecture is illustrated below:
The TrustBuilder.io component contains the following repositories:
Policies
This is the set of declarative policies, rules and access flows. Policies are defined declaratively so they can easily be reviewed, audited and re-used. Its repository is accessible through the /policies API. Its functionality is detailed in Access Management > Defining Security Policies.
Configurations
This contains all configurations, settings, definitions and templates. They are kept in a Git repository for versioning and branching and are managed through the /config API. Its functionality is detailed in the Configuration Guide.
Credentials
This includes processing and storing traditional username/password credentials, linked authentication factors, and consents to obtain attributes from identity providers. See Configuration Guide > Connecting Identity Providers.
Personas
This embodies the lifecycle and specific attributes of the personas linked to a user profile. The unique TrustBuilder personas model enables persona-driven authentication, persona-driven onboarding and persona-driven policies. Its repository is accessible through the /users API. Its functionality is detailed in Configuration Guide > Working with Personas.
Sessions
This embodies the lifecycle and attributes of user sessions. Its session lifecycle management is what lets TrustBuilder offer Adaptive Authentication in a natural way. Its repository is accessible through the /sessions API. Its functionality is detailed in Access Management > User Sessions.
Tasks
This records the pending tasks that users must confirm, approve, reject or reset. Such a task may have been initiated by another user or by a back-end system. Its repository is accessible through the /notifications API. Its functionality is detailed in Configuration Guide > Defining Notifications (available soon).
The TrustBuilder.Connect component is delivered as a private component, managed either by TrustBuilder or by the customer. TrustBuilder.Connect is available as an option and is subject to specific commercial agreements. Contact Sales. Its private nature allows it to integrate closely with back-end applications (e.g. fraud detection), private authoritative sources and external providers. The link from TrustBuilder.io (SaaS) to TrustBuilder.Connect (private) is event-driven and remains under the customer’s security control.
TrustBuilder.Connect processes and maintains the following data:
Workflows
This repository contains the custom workflows. A workflow, run by an orchestration framework, is a series of steps that define an integration process using API calls to back-end applications and external systems. See Configuration Guide > Defining Workflows.
Deployment options
TrustBuilder offers the customer a number of deployment options. The first deployment option is the default; the other deployment options are subject to specific commercial agreements. Contact Sales.
Module | Deployment options
---|---
TrustBuilder.io | Default option; Option EU Sovereignty; Option Self-managed in Private Cloud
TrustBuilder.Connect | Default option; Option Self-managed in Private Cloud; Option Self-managed Docker
TrustBuilder MFA | Default option; Option Self-managed Docker
When TrustBuilder.io is deployed as SaaS in the TrustBuilder cloud, the following types of tenant are made available:
Production tenant
The tenant connected to your production environment. It is covered by the strong TrustBuilder SLA because it serves end-users in production. This environment is not meant for development, testing, quality assurance or performance testing, except during the initial migration.
Non-Production tenant
A full-featured sandbox environment for testing your integrations and configurations prior to putting them in production.
Preview tenant
A sandbox environment for testing new features of the Preview version. Availability of a Preview tenant is subject to specific commercial agreements. Contact Sales.
Additional tenants can be requested, subject to specific commercial agreements. Contact Sales.
When TrustBuilder.Connect is deployed as Private in the TrustBuilder cloud, the following types of instance are made available:
Production instance
The instance connected to your production environment. It is covered by the strong TrustBuilder SLA because it serves end-users in production. This environment is not meant for development, testing, quality assurance or performance testing, except during the initial migration.
Non-Production instance
A full-featured sandbox environment for testing your workflows, connectors, integrations and configurations prior to putting them in production.
Additional instances can be requested, subject to specific commercial agreements. Contact Sales.
When you choose the “Option Self-managed Docker”, refer to the TrustBuilder.Connect installation guide for installation instructions.
The TrustBuilder platform has a number of repositories. In the SaaS and Managed deployments, redundancy, back-up, replication and migration of these repositories are handled by TrustBuilder. TrustBuilder uses database clustering across multiple datacenters with real-time replication between the instances. TrustBuilder offers optional multi-region clustering, subject to specific commercial agreements. Contact Sales.
These repositories can also be used to feed Data Analytics platforms.
In “private” deployments, your operations team is responsible for those functions. To that end, the TrustBuilder platform uses the following database technologies:
MongoDB
MySQL