- Created by user-50641, last modified by Karolin Hemmingsson on Jul 09, 2020
This article describes the authentication methods available in the Smart ID Digital Access component. Authentication methods are used as requirements in access rules. Different authentication methods provide different levels of security.
How does authentication work?
When a user uses a web browser to access a resource, the request flows through a web of specialized services: the access point, the policy service, the authentication service, and back again. For the user, however, the single point of contact is the web browser. The access point verifies the identity of the user by forwarding the user credentials via the policy service to the authentication service, which in turn compares the information with the credentials stored in the user storage. When the check is completed, an accept for the request is sent to the access point, which then allows the user to enter.
What authentication methods are supported?
Digital Access supports many authentication methods. Some of the most common ones are listed below.
To choose the right authentication method for your business, consider your users’ needs when it comes to mobility, device flexibility and level of security. It is possible to specify multiple authentication methods for each resource.
Some common authentication methods
For a complete list, see the user interface in Digital Access Admin.
Smart ID Mobile App makes two-factor authentication (2FA) easier and more cost-efficient. It is used together with Smart ID Messaging, which is consumed by, for example, Digital Access, which in turn provides user authentication and access to applications, information and cloud services.
Nexus Personal Desktop Client is smart card middleware that integrates smart cards and security tokens and provides your users with intuitive two-factor authentication (2FA), digital signing, email encryption, etc.
OpenID Connect is a federation technology, comparable with SAML 2.0, that is implemented as an identity layer on top of the OAuth 2.0 protocol.
Several digital identities, such as Norwegian BankID and Verimi, are based on OpenID Connect.
Nexus TruID is a mobile two-factor (2FA) software token that is installed on a hardware device that the user already has, such as a smartphone, PC (Linux/Windows) or a Mac. The user enters a PIN code into the soft token to generate a one-time password (OTP). This OTP is used to log on to the application or service.
To ease distribution of Nexus TruID, the included Distribution Service enables automated token distribution, installation and set-up. All the end user has to do is follow a URL link sent by the server in an SMS, and within seconds the user is equipped with TruID mobile two-factor authentication.
Nexus Mobile Text uses the mobile phone and a mobile text-distribution service such as SMS to distribute the one-time password. By using SMS, any mobile phone can be used for this two-factor authentication (2FA) method, and smartphones are not required.
The Nexus Invisible Token is a unique on-demand solution that combines the strength of passwords and tokens for two-factor authentication (2FA). It is secure, convenient, easy to deploy, and most importantly easy to use. Invisible Token is based on HTML5 and transforms your browser into an OTP-token that is independent of the platform you are using.
With Digital Access Authentication Server, any OATH (Open Authentication) compliant software or hardware security token may be used to provide user authentication. OATH provides an open architecture enabling customers to replace disparate and proprietary security solutions to increase flexibility.
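As an added illustration of the OATH paragraph above (not code from Digital Access or Nexus), the following sketch shows how an authentication server can validate an OATH HOTP one-time password as defined in RFC 4226. The function names, the look-ahead window of 3 and the sample secret (the RFC 4226 test key) are assumptions chosen for the example.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA-1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # low nibble of last byte selects the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def verify_hotp(secret: bytes, submitted: str, server_counter: int, window: int = 3):
    """Check an OTP against the stored counter and a small look-ahead window.

    Returns the counter value the server must store next if the OTP is
    accepted, or None if it is rejected. Storing the returned value is what
    makes an already used (or skipped) OTP unusable afterwards.
    """
    for candidate in range(server_counter, server_counter + window + 1):
        expected = hotp(secret, candidate)
        # Constant-time comparison; encoding to bytes tolerates any user input.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return candidate + 1
    return None


def demo():
    """Constructed scenario: the token is two presses ahead of the server."""
    secret = b"12345678901234567890"             # RFC 4226 test key, sample only
    stored = 0
    results = []
    for otp in ("359152", "359152", "520489"):   # valid, replayed, outside window
        next_counter = verify_hotp(secret, otp, stored)
        results.append(next_counter is not None)
        if next_counter is not None:
            stored = next_counter                # resynchronise and burn used values
    return results, stored


if __name__ == "__main__":
    print(demo())
```

The look-ahead window trades usability (tolerating accidental button presses on a token) against the number of guesses an attacker effectively gets per attempt, so it should stay small and be combined with attempt limiting.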
Nexus Password can be used for environments with lower security demands.
You can define your own password policy and set requirements for password length, complexity, disallowed characters, password change and password history. The solution can integrate with Microsoft Active Directory and reuse the passwords from Active Directory. Then the password policies in Active Directory will apply when a user changes or resets a password.
Digital Access supports authentication using the Swedish national eID BankID. With Digital Access you can let your users authenticate with BankID on smartcard, file, or by using a smartphone with Mobile BankID. There are multiple ways to connect Digital Access to the service for validation of BankID and Mobile BankID. By using a national eID, such as BankID, you can easily and securely enable your services for a large number of customers without the burden of managing their credentials and authentication methods.
Swedish BankID and Mobile BankID can be used in Digital Access via Nexus GO Authentication, SAML 2.0 federation or BankID web service API. Users normally obtain their BankID or Mobile BankID through their Internet bank and a self-service.
Freja eID is an electronic identity on your mobile device that allows you to log in, sign and approve transactions and agreements with your fingerprint or PIN.
With Freja eID+, you will get an eID officially approved by the Swedish E-identification board with the quality mark Svensk e-legitimation. You can configure the Digital Access component to only accept Freja eID+.
Besides Freja eID authentication, Digital Access supports authentication with Freja Organisation eID. This allows users to log in to their company without using their personal identity.
- Set up authentication method in Digital Access
- Access point in Digital Access, add, set up and configure
- Access rules in Digital Access
- Authentication service in Digital Access, add, set up and configure
- Policy service in Digital Access, add, set up and configure
- Resources in Digital Access
- User storage in Digital Access