Idenprotect Authentication Portal - First authentication and navigation
If you have not yet installed your application, please Start Here - idenprotect Authentication Portal. Please note that use of the idenprotect Authentication Portal also requires the idenprotect Core Platform. If this is not yet installed, please Start Here - idenprotect Core Platform.
The idenprotect Authentication Portal is where a user authenticates in order to access all of the applications that have been integrated with idenprotect. Once the user has authenticated to the Authentication Portal they can access any of these applications without needing to authenticate again.
Supported web browsers
The following web browsers are supported:
- Internet Explorer / Microsoft Edge (version 10 onwards)
- Google Chrome (version 61 onwards)
- Mozilla Firefox (version 55 onwards)
Quick Start Wizard
If you have installed version 3.11.0 or above, you will have access to a Quick Start Wizard. The Quick Start Wizard assists with the initial setup: you will be able to enroll a device with a test user account, complete authentication with the idenprotect Authentication Portal and arrive logged in to the idenprotect User Portal. We strongly recommend following this process if you have access to it, as it will give you a feel for the overall usage and how things work. For more information, please see the Idenprotect Core Platform Quick Start Guide.
The rest of this article will focus on the user experience of authenticating and accessing Service Providers and will assume that a device has already been enrolled or other methods of authentication have already been established.
Once the Authentication Portal is installed and running, you should be able to see the login page by navigating to https://<serverhostname>/idp
The user enters their email address in the login form and selects Authenticate.
If the email address they enter does not match a valid and enabled account on the Core Platform, an unauthorised message will be shown on screen.
If the email address is valid, the screen will change and show the instructions to open the idenprotect For Mobile application.
If the Authentication Portal has been configured, the user will be sent a push notification to their device.
The user can complete the authentication process by either:
- Opening the idenprotect for Mobile application on their device, selecting the authenticate option, authenticating biometrically and proceeding through the information shown in the idenprotect For Mobile application
- Clicking on the push notification, authenticating biometrically and proceeding through the information shown in the idenprotect For Mobile application
- If configured, selecting an alternative Authentication Option on the idenprotect Authentication Portal and completing the required steps
When the user authenticates by going directly to the idenprotect Authentication Portal login screen, they should, once authenticated, be presented with a selection of Service Providers. The Service Providers shown here will be a subset of all configured Service Providers on the idenprotect Core Platform.
Users will only be shown Service Providers that they are permitted to view based on any Group restrictions which may have been configured. In addition to this, access can depend on the User having logged in with a permitted Authentication type (which may have been configured either for the Service Provider directly or for a Group that the User may belong to). Service Providers which a User would normally be permitted to access, but cannot because they logged in with a different Authentication type, will be shown to the User greyed out and unclickable, and will display a message when the mouse is hovered over them to inform the User why they are not able to access them.
As the user is now authenticated, they can click on any of the Service Providers available to them and the Authentication Portal will complete the necessary steps to authenticate directly with the Service Provider (these authentication steps can include SAML, RADIUS, OAuth or, for legacy applications, a form submission with a Username and Password).
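The three display states described above (not listed, greyed out with a hover message, clickable) can be modelled as a small policy check. This is an added illustration, not idenprotect code: the class names, the authentication-type labels and the rule that every applicable restriction must be satisfied are assumptions made for the example.

```python
from dataclasses import dataclass
from enum import Enum

class Visibility(Enum):
    HIDDEN = "hidden"          # not listed at all
    GREYED_OUT = "greyed out"  # listed, unclickable, hover message
    ACCESSIBLE = "accessible"  # listed and clickable

@dataclass(frozen=True)
class Group:
    name: str
    auth_types: frozenset = frozenset()  # empty = no restriction (assumption)

@dataclass(frozen=True)
class ServiceProvider:
    name: str
    groups: frozenset = frozenset()      # empty = open to all users (assumption)
    auth_types: frozenset = frozenset()  # empty = no restriction (assumption)

def evaluate(sp, user_groups, session_auth_type):
    """Return (Visibility, hover_message) for one Service Provider."""
    member_of = {g.name for g in user_groups}
    if sp.groups and not (sp.groups & member_of):
        return Visibility.HIDDEN, None
    # Assumption: the SP's own restriction and the restrictions of the user's
    # groups that grant access to this SP must all be satisfied.
    granting = [g for g in user_groups if g.name in sp.groups]
    for allowed in [sp.auth_types] + [g.auth_types for g in granting]:
        if allowed and session_auth_type not in allowed:
            need = ", ".join(sorted(allowed))
            return Visibility.GREYED_OUT, f"Requires authentication with: {need}"
    return Visibility.ACCESSIBLE, None

def portal_view(sps, user_groups, session_auth_type):
    """Map each listed Service Provider name to (state, hover message)."""
    view = {}
    for sp in sps:
        state, msg = evaluate(sp, user_groups, session_auth_type)
        if state is not Visibility.HIDDEN:
            view[sp.name] = (state, msg)
    return view

# Constructed sample data; names and authentication-type labels are illustrative.
STAFF = Group("staff")
FINANCE = Group("finance", frozenset({"mobile_biometric"}))
SPS = [
    ServiceProvider("Wiki", frozenset({"staff"})),
    ServiceProvider("Payroll", frozenset({"finance"})),
    ServiceProvider("VPN", frozenset({"staff"}), frozenset({"mobile_biometric"})),
    ServiceProvider("HR Admin", frozenset({"hr"})),
]
```

Calling portal_view(SPS, [STAFF, FINANCE], "alternative_option") lists Wiki as clickable, Payroll and VPN as greyed out with a reason, and omits HR Admin.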
Going direct to a Service Provider
With SAML configurations, instead of logging into the idenprotect Authentication Portal, users can go directly to the Service Provider. As long as the Service Provider has already been configured to authenticate via SAML, the Service Provider will redirect the user to the idenprotect Authentication Portal. If the user has already authenticated with the idenprotect Authentication Portal, the redirect back to the Service Provider with a SAML response will happen automatically and almost instantly. If the user has not yet authenticated, they will need to complete the authentication first. On successful authentication, instead of seeing the Service Provider screen on the idenprotect Authentication Portal, they will be redirected back with a SAML response.