Authentication methods in Digital Access

This article describes authentication methods available in Smart ID Digital Access component. Authentication methods are used as requirements in access rules for authentication. Different authentication methods provide various levels of security.

How does authentication work?

When a user uses a web browser to access a resource, the request flows through a web of specialized services: the access point, the policy service, the authentication service, and back again. But for the user, the single point of contact is the web browser. The access point verifies the identity of the user by forwarding the user credentials via the policy service to the authentication service, which in turn compares the information with credentials stored in the user storage. When the control is completed, a request accept is sent to the access point which allows the user to enter.

What authentication methods are supported?

Digital Access supports many authentication methods. Some of the most common ones are listed below.

To choose the right authentication method for your business, consider your users’ needs when it comes to mobility, device flexibility and level of security. It is possible to specify multiple authentication methods for each resource.

Some common authentication methods

For a complete list, see the user interface in Digital Access Admin.

Smart ID Mobile App

Smart ID Mobile App makes two-factor authentication (2FA) easier and more cost efficient. It is used together with Smart ID Messaging that is consumed by, for example, Digital Access, which provides user authentication and access to applications, information and cloud services.

Smart ID Desktop App

Nexus Personal Desktop Client is a smart card middleware integrating smart cards and security tokens and provides your users with intuitive two-factor authentication (2FA), digital signing, email encryption etc.

OpenID Connect

OpenID Connect is a federation technology, comparable with SAML 2.0, that is implemented as an identity layer on top of the OAuth 2.0 protocol.

With OpenID Connect, a range of clients, including Web-based, mobile, and JavaScript clients, can verify the identity of an end-user, based on authentication performed by an authorization server or identity provider (IdP). Clients can also obtain basic profile information about the end-user.

Several digital identities, such as Norwegian BankID and Verimi, are based on OpenID Connect.

Nexus TruID

Nexus TruID is a mobile two-factor (2FA) software token that is installed on a hardware device that the user already has, such as a smart phone, PC (Linux/Windows) or a Mac. The user enters a pin code into the soft token to generate a one-time password, OTP. This OTP is used to logon to the application or service.

To ease distribution of Nexus TruID, the included Distribution Service enables automated token distribution, installation and set-up. All the end-user has to do is follow an URL link sent by the server in an SMS and within seconds the user is equipped with TruID mobile two-factor authentication.

Nexus Mobile Text

Nexus Mobile Text uses the mobile phone and a mobile text-distribution service such as SMS to distribute the one-time password. By using SMS, any mobile phone can be used for this two-factor authentication (2FA) method, and smart phones are not required.

Nexus Invisible Token

The Nexus Invisible Token is a unique on-demand solution that combines the strength of passwords and tokens for two-factor authentication (2FA). It is secure, convenient, easy to deploy, and most importantly easy to use. Invisible Token is based on HTML5 and transforms your browser into an OTP-token that is independent of the platform you are using.

Nexus OATH

With Digital Access Authentication Server, any OATH (Open Authentication) compliant software or hardware security token may be used to provide user authentication. OATH provides an open architecture enabling customers to replace disparate and proprietary security solutions to increase flexibility.

Nexus Password

Nexus Password can be used for environments with lower security demands.

You can define your own password policy and set requirements for password length, complexity, disallowed characters, password change and password history. The solution can integrate with Microsoft Active Directory and reuse the passwords from Active Directory. Then the password policies in Active Directory will apply when a user changes or resets a password.

Swedish national eID - BankID and Mobile BankID

Digital Access supports authentication using the Swedish national eID BankID. With Digital Access you can let your users authenticate with BankID on smartcard, file, or by using a smartphone with Mobile BankID. There are multiple ways to connect Digital Access to the service for validation of BankID and Mobile BankID. By using a national eID, such as BankID, you can easily and securely enable your services for a large number of customers without the burden of managing their credentials and authentication methods.

Freja eID

Freja eID is an electronic identity on your mobile device that allows you to log in, sign and approve transactions and agreements with your fingerprint or PIN.

With Freja eID+, you will get an eID officially approved by the Swedish E-identification board with the quality mark Svensk e-legitimation. You can configure Digital Access component to only accept Freja eID+.

Beside the Freja eID authentication, Digital Access support authentication with Freja Organisation eID. This allows users to login to their company without using their personal identity.

How does authentication work?

What authentication methods are supported?

Some common authentication methods

Related information