Idenprotect Authentication Portal - First authentication and navigation

From iDENprotect Knowledge Base

If you have not yet installed your application, please Start Here - idenprotect Authentication Portal. Please note that use of the idenprotect Authentication Portal also requires the idenprotect Core Platform. If this is not yet installed, please Start Here - idenprotect Core Platform.

Introduction

The idenprotect Authentication Portal is where a user authenticates in order to access all of the applications that have been integrated with idenprotect. Once the user has authenticated to the Authentication Portal they can access any of these applications without needing to authenticate again.

Supported web browsers

The following web browsers are supported:

  • Internet Explorer / Microsoft Edge (version 10 onwards)
  • Google Chrome (version 61 onwards)
  • Mozilla Firefox (version 55 onwards)


Quick Start Wizard

If you have installed version 3.11.0 or above, you will have access to a Quick Start Wizard. The Quick Start Wizard will assist you with the initial setup: you will be able to enroll a device with a test user account, complete authentication with the idenprotect Authentication Portal and arrive logged in to the idenprotect User Portal. We strongly recommend following this process if you have access to it, as it will give you a feel for the overall usage and how things work. For more information, please see the Idenprotect Core Platform Quick Start Guide.

The rest of this article will focus on the user experience of authenticating and accessing Service Providers and will assume that a device has already been enrolled or other methods of authentication have already been established.


Authentication

Login Screen

Once the Authentication Portal is installed and running, you should be able to see the login page by navigating to https://<serverhostname>/idp.


Authenticating

The user enters their email address in the login form and selects Authenticate.

If the email address they enter does not match a valid and enabled account on the Core Platform, an unauthorised message will be shown on screen.


If the email address is valid, the screen will change and show the instructions to open the idenprotect For Mobile application.


If the Authentication Portal has been configured, the user will be sent a push notification to their device.

The user can complete the authentication process by either:

  • Opening the idenprotect for Mobile application on their device, selecting the authenticate option, authenticating biometrically and proceeding through the information shown in the idenprotect For Mobile application
  • Clicking on the push notification, authenticating biometrically and proceeding through the information shown in the idenprotect For Mobile application
  • If configured, selecting an alternative Authentication Option on the idenprotect Authentication Portal and completing the required steps


Service Providers

When the user goes directly to the idenprotect Authentication Portal login screen and authenticates, they should be presented with a selection of Service Providers. The Service Providers shown here will be a subset of all configured Service Providers on the idenprotect Core Platform.

The subset is determined by a number of factors including:

  • Group restrictions on the Service Provider
  • Authentication type restrictions on the Service Provider
  • Authentication type restrictions on any groups that the User may belong to

As the user is now authenticated, they can click on any of the Service Providers available to them and the Authentication Portal will complete the necessary steps to authenticate directly with the Service Provider. These authentication steps can include SAML, RADIUS, OAuth or, for legacy applications, a form submission with a Username and Password.
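The following is an added example, not idenprotect code, that models how the three listed factors could combine to produce the visible subset. The page does not say how the factors are combined, so the model assumes that every restriction must pass (fail closed), that an empty restriction means "unrestricted", and that a group's authentication type restriction applies to every Service Provider; all group names, Service Provider names and authentication type labels are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Group:
    name: str
    auth_types: frozenset = frozenset()   # empty = no restriction (assumption)

@dataclass(frozen=True)
class ServiceProvider:
    name: str
    groups: frozenset = frozenset()       # empty = no group restriction (assumption)
    auth_types: frozenset = frozenset()   # empty = no restriction (assumption)

def visible_service_providers(user_groups, auth_type, providers):
    """Return (shown, hidden): shown is a list of names, hidden maps name -> reason."""
    member_of = {g.name for g in user_groups}
    # Factor 3: restrictions on any group the user belongs to (assumed to apply to all SPs).
    blocking = sorted(g.name for g in user_groups
                      if g.auth_types and auth_type not in g.auth_types)
    shown, hidden = [], {}
    for sp in providers:
        if sp.groups and not (sp.groups & member_of):
            hidden[sp.name] = "group restriction on Service Provider"
        elif sp.auth_types and auth_type not in sp.auth_types:
            hidden[sp.name] = "authentication type restriction on Service Provider"
        elif blocking:
            hidden[sp.name] = "authentication type restriction on group " + ", ".join(blocking)
        else:
            shown.append(sp.name)
    return shown, hidden

# Constructed sample data; names and authentication type labels are hypothetical.
STAFF = Group("staff")
FINANCE = Group("finance", frozenset({"mobile_biometric"}))
PROVIDERS = [
    ServiceProvider("wiki"),
    ServiceProvider("payroll", groups=frozenset({"finance"})),
    ServiceProvider("vpn", auth_types=frozenset({"mobile_biometric"})),
]

if __name__ == "__main__":
    for groups, auth in [([STAFF], "mobile_biometric"),
                         ([STAFF, FINANCE], "mobile_biometric"),
                         ([STAFF, FINANCE], "alternative_option")]:
        shown, hidden = visible_service_providers(groups, auth, PROVIDERS)
        print([g.name for g in groups], auth, "->", shown, hidden)
```

Recording the reason each Service Provider is hidden makes it easier to review whether a restriction is doing what the administrator intended.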


Going direct to a Service Provider

With SAML configurations, instead of logging into the idenprotect Authentication Portal, users can go directly to the Service Provider. As long as the Service Provider has already been configured to authenticate via SAML, the Service Provider will redirect the user to the idenprotect Authentication Portal. If the user has already authenticated with the idenprotect Authentication Portal, the redirect back to the Service Provider with a SAML response will happen automatically and almost instantly. If the user has not yet authenticated, they will need to complete the authentication first. On successful authentication, instead of seeing the Service Provider screen on the idenprotect Authentication Portal, they will be redirected back to the Service Provider with a SAML response.