KOBIL Verify User Identity
Overview
The primary function of this authenticator is to verify a user's identity during the login process. It is essential for authenticating users before granting access to applications.
Type
| Protocol | OpenID Connect 1.0 |
|---|---|
| HTTP method | GET |
| Type | Browser Flow |
| Endpoint | Authorization Endpoint |
| Flow Supported | Authorization code flow Implicit flow Hybrid flow |
| Response | ID Token, Access Token, Refresh Token |
| Response Mode | query, form_post, fragment |
How to configure
To configure the authenticator, follow these steps:
- Navigate to Authentication tab
- Click
Add step - Select the authenticator to proceed with the next step
- Keep the default
Settingsunchanged.
By following these steps, you will be able to successfully configure the authenticator.
Configuration
Parameters involved in KOBIL Verify User Identity execution
| Parameter | Description |
|---|---|
| Alias | Name for the overall configured configurations which occurs in particular authenticator. (Example: KOBIL Verify User Identity ) |
| Authenticator Reference | Authenticator Reference Specifies the authentication method used, such as password (pwd), one-time password (OTP). This reference is used to track authentication steps in the authentication flow. |
| Authenticator Reference Max Age | Authenticator Reference Max Age specifies the validity period (in seconds) for a completed authentication. Once this time expires, the user must re-authenticate using the specified method. |
| Authentication Flow Type | Choose the actions that the authenticator should perform. The Actions in the config include: First-Login : If First-Login is selected, the system initiates an AST Activation call to activate the device. Subsequent-Login: If Subsequent-Login is selected, the system triggers an AST Login call to perform device login.Reset-Credentials : If the Reset-Credentials option is enabled, it enables the Back button in the authentication flow. For example : This lets users go back to the login page if they suddenly remember their password and don’t want to reset it. |
| User Identity attribute | Defines the attribute used to locate and identify the user in the system, such as email, username or User attribute. |
| Display User Identity attribute | Specify the attribute to display on the front end after identifying the user such as first name, last name, username, or email. |
| User Attribute | Configure the user attribute through which login validation should happen. This should be set only if the User Identity Attribute value is set to user attribute. |
| Enable Password Check | Password verification will be executed during login flow when Enable Password Check is enabled. |
| Disable the check for registration status | If Disable the check for registration status is enabled, it won't check the user registration status.Note: Registration status will be stored in user attributes. |
| Disable show previous input | If enabled, it will erase the previously entered inputs. |
| Invalid credentials message | Invalid credentials message displays the message when user credentials are invalid. Example: The information you entered could not be verified. Please check all the information and try again. |
| OTP temporarily locked message | Display the configured message to notify users when the user is temporarily locked due to too many OTP requests. Example: You have requested too many verification codes and have been locked out. Please try again in %timer%. |
| ACR value | Configured ACR value which will be set in the token if verification succeeds. |
| AMR value | Configured AMR value, which will be set in the token if verification succeeds. |
| Show Success Popup screen | Enable to show an explicit success popup after user identity verification. |
| Success Popup Title | Configure the text that will be displayed in the success popup title. |
| Success Popup Description | Configure the text that will be displayed in the success popup body. |
| Is Captcha Required | Enable Is Captcha Required to add Captcha Verification to the flow to protect against automated bot attacks and ensure user authenticity. Note: Ensure all required preconfigurations are configured for Captcha to function properly. For details on captcha pre-configurations, refer to KOBIL Captcha Documentation. |
Parameter specific to Bruteforce feature
| Parameter | Description |
|---|---|
| User disabled message | Message to be displayed when the user is disabled. Default Message: User is currently disabled, please contact admin. |
| User temporarily locked message | Message to be displayed when the user is temporarily locked. Example: User is temporarily locked for %time% minutes. |
| Reset Bruteforce failure count | If the Reset Bruteforce Failure Count option is enabled, the failure count will be reset to 0 upon successful login. |
User Flow
This execution contains the following main steps:
- KOBIL Verify User Identity works as a standalone step to configure a user and is used in the login flow.