SecureAuth's Authentication API embeds the SecureAuth IdP functionality into a custom application, enabling flexible workflow configurations and user interfaces. Using a RESTful API encrypted over SSL, SecureAuth IdP can validate user IDs, passwords, soft tokens, and knowledge-based answers; can generate One-time Passwords (OTPs) delivered via phone call, SMS message, email message, help desk, or PUSH Notification; and can evaluate IP address risk through threat intelligence data.
Each SecureAuth IdP realm can host its own uniquely configured Authentication API, enabling various workflows and registration methods.
By simply integrating an application with SecureAuth's Authentication API and enabling 2-Factor Authentication mechanisms, customers can securely direct users through unique logins and interfaces without leaving the application.
1. Have access to the application code
2. Have an on-premises directory with which SecureAuth IdP can integrate
3. Create a New Realm or access an existing realm in which the Authentication API will be enabled
The API can be included in any realm with any Post Authentication event as long as the appropriate directory is integrated and the registration methods are enabled for 2-Factor Authentication use
4. Configure theDatatab in the SecureAuth IdP Web Admin
A directory integration is required for SecureAuth IdP to pull user profile information during the login process
Ensure that the Registration Methods Profile Properties (e.g. Phone 1, Email 1, etc.) are accurately mapped to directory attributes to enable 2-Factor Authentication workflows
SecureAuth IdP Web Admin
1. In the Registration Configuration section, enable at least one 2-Factor Authentication mechanism to be utilized in the Authentication API workflow
3. (OPTIONAL) If utilizing the Email 2-Factor Authentication method and a different language than US English, create an Accept-Language header to generate the Email OTP messages in the preferred language
If no Accept-Language header is present, the Email OTP messages default to US English
For example: https://secureauth.company.com/secureauth2/api/v1/ipeval
The /ipeval POST endpoint enables SecureAuth IdP to evaluate the IP Address for risk factors based on threat intelligence data. This endpoint can be used as a standalone feature rather than alongside the other Adaptive Authentication features used in the /adaptauth endpoint.
If using the /ipeval endpoint and not the /adaptauth endpoint, then no configuration is required in the Adaptive Authentication section of the SecureAuth IdP Web Admin.