Skip to main content

KOBIL Verify User Identity

Overview

The primary function of this authenticator is to verify a user's identity during the login process. It is essential for authenticating users before granting access to applications.

Type

ProtocolOpenID Connect 1.0
HTTP methodGET
TypeBrowser Flow
EndpointAuthorization Endpoint
Flow SupportedAuthorization code flow
Implicit flow
Hybrid flow
ResponseID Token, Access Token, Refresh Token
Response Modequery, form_post, fragment

How to configure

To configure the authenticator, follow these steps:

  1. Navigate to Authentication tab
  2. Click Add step
  3. Select the authenticator to proceed with the next step
  4. Keep the default Settings unchanged.

By following these steps, you will be able to successfully configure the authenticator.

KOBIL Verify User Identity

Configuration

Parameters involved in KOBIL Verify User Identity execution

ParameterDescription
AliasName for the overall configured configurations which occurs in particular authenticator. (Example: KOBIL Verify User Identity )
Authenticator ReferenceAuthenticator Reference    Specifies the authentication method used, such as password (pwd), one-time password (OTP). This reference is used to track authentication steps in the authentication flow.
Authenticator Reference Max AgeAuthenticator Reference Max Age specifies the validity period (in seconds) for a completed authentication. Once this time expires, the user must re-authenticate using the specified method.
Authentication Flow TypeChoose the actions that the authenticator should perform. The Actions in the config include:
First-Login : If First-Login is selected, the system initiates an AST Activation call to activate the device.

Subsequent-Login: If Subsequent-Login is selected, the system triggers an AST Login call to perform device login.

Reset-Credentials : If the Reset-Credentials option is enabled, it enables the Back button in the authentication flow. For example : This lets users go back to the login page if they suddenly remember their password and don’t want to reset it.
User Identity attributeDefines the attribute used to locate and identify the user in the system, such as email, username or User attribute.
Display User Identity attributeSpecify the attribute to display on the front end after identifying the user such as first name, last name, username, or email.
User AttributeConfigure the user attribute through which login validation should happen. This should be set only if the User Identity Attribute value is set to user attribute.
Enable Password CheckPassword verification will be executed during login flow when Enable Password Check is enabled.
Disable the check for registration statusIf Disable the check for registration status is enabled, it won't check the user registration status.
Note: Registration status will be stored in user attributes.
Disable show previous inputIf enabled, it will erase the previously entered inputs.
Invalid credentials messageInvalid credentials message displays the message when user credentials are invalid. Example: The information you entered could not be verified. Please check all the information and try again.
OTP temporarily locked messageDisplay the configured message to notify users when the user is temporarily locked due to too many OTP requests.
Example: You have requested too many verification codes and have been locked out. Please try again in %timer%.
ACR valueConfigured ACR value which will be set in the token if verification succeeds.
AMR valueConfigured AMR value, which will be set in the token if verification succeeds.
Show Success Popup screenEnable to show an explicit success popup after user identity verification.
Success Popup TitleConfigure the text that will be displayed in the success popup title.
Success Popup DescriptionConfigure the text that will be displayed in the success popup body.
Is Captcha RequiredEnable Is Captcha Required to add Captcha Verification to the flow to protect against automated bot attacks and ensure user authenticity.
Note: Ensure all required preconfigurations are configured for Captcha to function properly. For details on captcha pre-configurations, refer to KOBIL Captcha Documentation.

Parameter specific to Bruteforce feature

ParameterDescription
User disabled messageMessage to be displayed when the user is disabled. Default Message: User is currently disabled, please contact admin.
User temporarily locked messageMessage to be displayed when the user is temporarily locked. Example: User is temporarily locked for %time% minutes.
Reset Bruteforce failure countIf the Reset Bruteforce Failure Count option is enabled, the failure count will be reset to 0 upon successful login.

KOBIL Verify User Identity

User Flow

This execution contains the following main steps:

  1. KOBIL Verify User Identity works as a standalone step to configure a user and is used in the login flow.
KOBIL Verify User Identity flow