SecureAuth's Authentication API embeds the SecureAuth IdP functionality into a custom application, enabling flexible workflow configurations and user interfaces. Using a RESTful API encrypted over SSL, SecureAuth IdP can validate user IDs, passwords, soft tokens, and knowledge-based answers; can generate One-time Passwords (OTPs) delivered via phone call, SMS message, email message, help desk, or PUSH Notification; and can evaluate IP address risk through threat intelligence data.
Each SecureAuth IdP realm can host its own uniquely configured Authentication API, enabling various workflows and registration methods.
By simply integrating an application with SecureAuth's Authentication API and enabling 2-Factor Authentication mechanisms, customers can securely direct users through unique logins and interfaces without leaving the application.
1. Have access to the application code
2. Have an on-premises directory with which SecureAuth IdP can integrate
3. Create a New Realm or access an existing realm in which the Authentication API will be enabled
The API can be included in any realm with any Post Authentication event as long as the appropriate directory is integrated and the registration methods are enabled for 2-Factor Authentication use
4. Configure the Data tab in the SecureAuth IdP Web Admin
A directory integration is required for SecureAuth IdP to pull user profile information during the login process
Ensure that the Registration Methods Profile Properties (e.g. Phone 1, Email 1, etc.) are accurately mapped to directory attributes to enable 2-Factor Authentication workflows
To authenticate against the API, an HTTP basic authorization header and Content-Type header are required.
1. Add a Content-Type header with a value of application/json
2. Create an Authorization Header for all requests by following the steps below
3. (OPTIONAL) If utilizing the Email 2-Factor Authentication method and a different language than US English, create an Accept-Language header to generate the Email OTP messages in the preferred language
If no Accept-Language header is present, the Email OTP messages default to US English
The users GET endpoint provides to the end-user the list of enabled 2-Factor Authentication methods
By utilizing the username in the endpoint URL, SecureAuth IdP can access the user's profile and respond with the list of available 2-Factor Authentication mechanisms
As a GET endpoint, there is no body, so no JSON parameters are required