KOBIL AST Login
KOBIL AST Login
The main task of this execution is to perform Actions configuration (such as activate, login, link, update MLoA, unlink and unlink All) on the AST services.
Type
| Protocol | OpenID Connect 1.0 |
|---|---|
| HTTP method | GET |
| Type | Browser Flow |
| Endpoint | Authorization Endpoint |
| Flow Supported | Authorization code flow Implicit flow Hybrid flow |
| Response | ID Token, Access Token, Refresh Token |
| Response Mode | query, form_post, fragment |
How to configure
To configure the authenticator, follow these steps
- Select the
Settingsbutton - Click
Config.
Choose the actions you want to proceed with and enter the necessary configuration data. By following these steps, you will be able to successfully configure the authenticator.
Configuration
Parameters involved in AST Login execution
| Parameter | Description |
|---|---|
| Alias | Name for the overall configured configurations which occurs in particular authenticator (Example: AST Login) |
| Action | Choose the actions that the authenticator should perform. The Actions in the config include:activate: An API trigger for obtaining an AST Client ID for users. AST activation is the process of requesting a new AST Client ID (Device ID) for the requested user.link: The API trigger links the AST Client ID to the User ID.login: An API trigger verifies the AST Client ID, AST Client data, and user details, then proceeds with device login.updateMLoa: An API trigger will be initiated, updating the selected MLoA option (“NONE”, "OUT-OF-BAND" or "WEAK-OUT-OF-BAND") for the device based on the “MLoA” config in AST Login authenticator. Maverick Level of Assurance (MLoA), allows you to set the appropriate level of security for user authentication, ensuring compliance with organizational policies and security requirements.unlink: An API trigger is used to unlink an AST Client ID (corresponding device) from the user’s account.unlinkAll: An API trigger is used to unlink all the AST ClientIDs (Devices) registered against the user ID. |
| MLoA | If updateMLoa has been selected in the Action feature the selected value will be verified for the device. |
| AST Client ID Optional | - Enable to make AST Client ID Optional for AST activation. - When the AST Client ID Optional setting is enabled, the AST Client ID header can be skipped during the flow invocation, as the IDP will automatically set a null ID if no header is passed before invoking the activation call. - In other scenarios, the AST Client ID Optional should be disabled because the AST Client ID is mandatory for all other actions. |
| Set Hidden First Factors | Enable to set the "hidden_first_factor" as the password after activation. |
| Read AST Client ID and Client Data from Session | - Enable to always read AST Client ID and AST Client Data from the session. - If this config is enabled, it will retrieve AST Client ID and AST Client data only from the session. - If disabled, it will read AST details from the header if data is available, otherwise, it will read from the session. - To set header value we need either of these two authenticators to be set as first authenticator in the authentication flow. which is, Store AST Header to Session, KOBIL Verify User Identity |
| Prompt User Before Unbind All | If enabled, it will request confirmation before unlinking the device(s) in the Confirmation screen. If disabled, it will unlink without a Confirmation screen. |
| JSON Script | To display prompt information in JSON in the Headless V2 theme when "Prompt User Before Unbind All" is enabled. |
User Flow
This execution contains the following main steps:
- KOBIL AST Login must be preceded by One-Factor Authentication (1FA) since it procures a user's identity validation from this precedent Authenticator. For instance: KOBIL Username Password Form.
- KOBIL AST Login authenticator will perform actions (such as activate, login, link, update MLoA, unlink and unlinkA`ll) based on the configs, it provides support for the AST service.