
Authentication methods

As an administrator, you can define which authentication methods are visible and usable by users. You can also customize the name, logo and description of each method so that users can clearly tell the methods apart when selecting one.

📄 See User Enrollment and Authentication

Authentication methods in TrustBuilder are grouped into two categories: internal and external.

  • Internal: managed by TrustBuilder

    • Built-in: Trustbuilder Authenticator Web, Mobile and Desktop, Security keys (Trustbuilder FIDO2).

    • Custom: applications relying on the TrustBuilder SDK.

  • External: based on third-party Identity Providers (IdP).

Enable / Disable authentication methods

For each authentication method, use toggles to enable or disable authentication and registration:

Allow authentication

Controls whether users can authenticate using the authentication method.

  • ENABLED → users can use the method to authenticate, if allowed by the authorization policy.

  • DISABLED → users cannot use the method to authenticate.

Allow registration

Controls whether users can register the authentication method.

  • ENABLED → users can register the method.

  • DISABLED → users cannot register the method.

This is only available for internal methods. For external methods, the authentication methods are directly registered on the IdP.

Add an authentication method

TrustBuilder allows you to add internal and external authentication methods.

Internal method

Internal authentication methods are maintained by TrustBuilder. To add a custom authentication method that embeds the TrustBuilder SDK:

  1. Go to Authentication > Authentication Methods.

  2. Click + Add an internal method.

  3. Select the application type:

    • Trustbuilder Authenticator - mobile: for a mobile app integrating the Trustbuilder mobile SDK.

    • Trustbuilder Authenticator - web: for a page integrating the Trustbuilder web SDK.

  4. For Trustbuilder Authenticator - mobile, select the operating system(s) (Android and/or iOS) and the associated Custom Application (see Custom Applications).

  5. Optional - Select the login portal used for user authentication.
    By default, the Trustbuilder login portal is selected. To use a custom login portal embedding the Trustbuilder Authenticator SDK, select it instead (see Custom Applications).

  6. Customize the user-facing content:

    1. Display Name: Label shown on the button. It should be clear and user-friendly.
      Max 50 characters

    2. Description: Optional text under the display name, giving users additional information.
      Max 120 characters

    3. Logo: Icon shown on the button.

    4. Preview authentication button: Preview of what users will see at authentication method selection.

  7. Click Add.
    The custom internal authentication method is successfully created.

  8. Configure the authentication level of this authentication method:

    1. Click the pen icon > Technical details tab.

    2. Select the authentication level associated with this method. This is used in authorization policies.

      ⚠️ If you have renamed an authentication level, the change will not be automatically reflected here. You will need to reselect the authentication level.
      It is recommended to define a stable name when creating it.

External method

External authentication methods rely on third-party Identity Providers (IdP).

  1. Go to Authentication > Authentication Methods.

  2. Click + Add an external method.

  3. Select the Identity Provider associated with this authentication method.

An IdP can support multiple authentication methods but each method must have a different authentication context.

  4. Configure the authentication level:

    1. Select the authentication level associated with this method. This is used in authorization policies.

      ⚠️ If you have renamed an authentication level, the change will not be automatically reflected here. You will need to reselect the authentication level.
      It is recommended to define a stable name when creating it.

    2. Select the authentication level to indicate what TrustBuilder expects from the external IdP:

      • No value expected (default)

      • Authentication Context Class Reference (ACR): the expected ACR value.
        Example: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport

      • Authentication Methods References (AMR): the expected AMR value.
        Examples: pwd (password), mfa (multi-factor), otp (one-time passcode)

        The IdP returns what it applied during authentication, and TrustBuilder checks whether it matches the expected value.

  5. Customize the user-facing content:

    1. Display Name: Label shown on the button. It should be clear and user-friendly.
      Max 50 characters

    2. Description: Optional text under the display name, giving users additional information.
      Max 120 characters

    3. Logo: Icon shown on the button.

    4. Preview authentication button: Preview of what users will see at authentication method selection.

  6. Click Add.

The authentication method is successfully created.
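
An added example (not TrustBuilder code) of the check described in the ACR/AMR step above, together with the rule that methods sharing an IdP need distinct authentication contexts. It assumes the IdP response has already been validated and decoded into a claims dictionary, exact matching for ACR and list membership for AMR; the field names and sample methods are hypothetical.

```python
from collections import Counter

# Constructed method definitions; field names are hypothetical, not TrustBuilder's schema.
METHODS = [
    {"name": "Corp password", "idp": "corp-idp", "kind": "acr",
     "expected": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"},
    {"name": "Corp MFA", "idp": "corp-idp", "kind": "amr", "expected": "mfa"},
    {"name": "Partner SSO", "idp": "partner-idp", "kind": "none", "expected": None},
]


def duplicate_contexts(methods):
    """Contexts declared by more than one method on the same IdP (should be empty)."""
    counts = Counter((m["idp"], m["kind"], m["expected"]) for m in methods)
    return [key for key, n in counts.items() if n > 1]


def context_matches(method, claims):
    """Compare what the IdP reports in `claims` with what the method expects."""
    kind, expected = method["kind"], method["expected"]
    if kind == "none":
        return True  # "No value expected": nothing to compare
    if not expected:
        raise ValueError("ACR/AMR expectation configured without a value")
    if kind == "acr":
        # acr is a single string: a missing or different value is a mismatch
        return claims.get("acr") == expected
    if kind == "amr":
        amr = claims.get("amr", [])
        if isinstance(amr, str):
            # Wrap a lone string so `in` tests list membership, not substring
            amr = [amr]
        return isinstance(amr, list) and expected in amr
    raise ValueError(f"unknown expectation kind: {kind!r}")


if __name__ == "__main__":
    print(duplicate_contexts(METHODS))
    print(context_matches(METHODS[1], {"amr": ["pwd", "mfa"]}))
    print(context_matches(METHODS[1], {"amr": "mfa-lite"}))
```
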

Edit an authentication method

  1. Go to Authentication > Authentication Methods.

  2. Click the pen icon.

  3. Switch between tabs to configure parameters.

  4. Click on Save changes.

Delete an authentication method

  1. Go to Authentication > Authentication Methods.

  2. Click the trash icon.

  3. Click on Delete to confirm.

The authentication method is successfully deleted.

This authentication method will be permanently deleted. It will no longer be available in your authorization policies and users relying on it exclusively will be unable to sign in.

 
