Blueprints
Note: To configure Blueprints, you should first set up the master settings and then create a flow setting based on the master settings.
Blueprints list
In the Admin Console, click the Blueprint tab on the left, and you'll see the Flows table view on the right.
The Flows table contains the following fields:
Blueprint Name: A "Blueprint name" refers to the specific method or sequence of steps used to authenticate users and obtain access to protected resources in an application or system.
Description: A "Blueprint description" refers to a detailed explanation or documentation of the steps involved in a specific authentication flow. An authentication flow defines the sequence of interactions and exchanges of information between various parties, such as the client application, the user, and the authentication server or identity provider, to authenticate the user and grant access to protected resources.
Last Validation On: The timestamp of when the user last validated the flow.
Updated On: The timestamp of when the user last updated the flow.
Action: The Action has 3 icons named
Enter a keyword in the search box above the Flows table and click the 'Search' button to see the matching flows in the table. Search is by Flow Name.
The Create Blueprint button is in the top right corner. Use it to create a new Blueprint.
To create a flow, fill in the following fields:
Flow Name: A "Blueprint name" refers to the specific method or sequence of steps used to authenticate users and obtain access to protected resources in an application or system.
Description: A "Blueprint description" refers to a detailed explanation or documentation of the steps involved in a specific authentication flow. An authentication flow defines the sequence of interactions and exchanges of information between various parties, such as the client application, the user, and the authentication server or identity provider, to authenticate the user and grant access to protected resources.
Client Details: Select Client Type
Refer: Client Settings
Client Details: Select Client
The clients you have created are listed in this dropdown.
Once you have selected the Client Type and Client, click the Save button to create the flow. Once the flow is created, you can set the Common Settings, Login Settings, and Registration Settings.
Activate forgot password option on login page: Enable this option if you want the forgot password option on the login screen. Otherwise, disable it.
Send Exact reply to user:
Send Notification for each Successful Password Reset to the User?: Enable this option if you want to notify the user after a successful password reset. Otherwise, disable it.
Refer: Give link -> Settings -> Hosted Page
Profile Page Access Control Settings: The authentication system offers a default profile page with built-in self-service features like Profile Update, MFA Configuration, User Activity, Reset My Password, Consent Activity, and Logout. You can manage access to these pages by enabling or disabling them for your customers, allowing precise control over their availability.
Refer: Give link -> Settings -> Password Policy
Refer: Give link -> Workflow -> Approval Workflow
Secret key: Generates a secret key. Refer: Give link -> Settings -> Captcha
Customize OTP functionality in the login/registration flow to enhance user authentication. Configure the OTP Expiry Time (validity duration in seconds), OTP Size (number of digits), and Link Expiry Time (active duration of the OTP link in seconds) to ensure secure and timely user verification.
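How the three settings above interact, as an added Python example (not code from the product): the class names, the in-memory store, the default values and the single-use behaviour are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class OtpSettings:
    otp_expiry_seconds: int = 120    # OTP Expiry Time (assumed value)
    otp_size: int = 6                # OTP Size, number of digits (assumed value)
    link_expiry_seconds: int = 600   # Link Expiry Time (assumed value)

def _digest(value):
    return hashlib.sha256(value.encode()).digest()

class OtpStore:
    """In-memory store (assumption); keeps only hashes of the issued secrets."""

    def __init__(self, settings):
        self.settings = settings
        self._pending = {}  # user -> (code_hash, link_hash, issued_at)

    def issue(self, user, now):
        size = self.settings.otp_size
        # CSPRNG draw, zero-padded so every code has exactly `size` digits.
        code = f"{secrets.randbelow(10 ** size):0{size}d}"
        link_token = secrets.token_urlsafe(32)
        self._pending[user] = (_digest(code), _digest(link_token), now)
        return code, link_token

    def _check(self, user, supplied, index, lifetime, now):
        entry = self._pending.get(user)
        if entry is None or now - entry[2] > lifetime:
            return False                     # never issued, already used, or expired
        if not hmac.compare_digest(entry[index], _digest(supplied)):
            return False                     # constant-time comparison of hashes
        del self._pending[user]              # single use: code and link both die
        return True

    def verify_code(self, user, code, now):
        return self._check(user, code, 0, self.settings.otp_expiry_seconds, now)

    def verify_link(self, user, token, now):
        return self._check(user, token, 1, self.settings.link_expiry_seconds, now)
```

With these values an OTP typed 121 seconds after issue is rejected while the emailed link for the same request still verifies until 600 seconds have passed.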
Enabling CAPTCHA in the security configuration of authentication is a security measure used to protect against automated bots and malicious activities during the user authentication process. CAPTCHA stands for "Completely Automated Public Turing test to tell Computers and Humans Apart."
The purpose of CAPTCHA is to verify that the user attempting to log in or access a certain resource is a real human and not a computer program or bot trying to perform automated attacks, such as brute-force attacks, credential stuffing, or other forms of unauthorized access.
Enabling token encryption in authentication refers to the process of encrypting security tokens before they are transmitted over a network or stored in a data store. Security tokens are used in various authentication and authorization protocols (such as OAuth 2.0, OpenID Connect, and SAML) to represent and carry information about a user's identity and access rights.
Token encryption is an essential security measure to protect the confidentiality and integrity of these tokens, ensuring that sensitive information remains secure during transmission and storage. Without encryption, tokens may be vulnerable to interception, tampering, or unauthorized access, potentially leading to security breaches and unauthorized access to user accounts or resources.
Do you want to enable strict transport policy?
Enabling Strict Transport Security (HSTS) in authentication is a security mechanism designed to enhance the protection of web applications against certain types of attacks, specifically those related to man-in-the-middle (MITM) and downgrade attacks. HSTS instructs web browsers to always connect to a website over a secure HTTPS connection, even if the user enters an HTTP URL or follows an insecure link.
When HSTS is enabled, the web server includes an HTTP response header called "Strict-Transport-Security" in its HTTPS responses. This header contains a security policy that informs the user's web browser to communicate with the website only via HTTPS for a specified duration. Once the browser receives this HSTS header, it will automatically redirect all HTTP requests to the HTTPS version of the website for the specified time, reducing the risk of exposure to various security threats.
Enable client token validation
Enabling client token validation in authentication refers to the process of validating and verifying the authenticity and integrity of tokens presented by client applications during the authentication and authorization process. Tokens play a crucial role in modern authentication protocols, such as OAuth 2.0 and OpenID Connect, where they are used to represent and carry information about a user's identity and access rights.
Client token validation is an essential security measure to ensure that the tokens provided by client applications are legitimate and have not been tampered with or forged by malicious actors. Validating client tokens helps prevent various forms of token-based attacks, such as token replay attacks, token substitution attacks, and token forgery.
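The checks that address the three attacks named above, as an added Python example (not the product's implementation). The page does not state the token format, so this assumes a JWT signed with HS256 and a shared key; `sign`, `validate` and the claim values are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

def _b64d(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign(claims, key, alg="HS256"):
    """Build a constructed test token (always HMAC-SHA256, whatever `alg` claims)."""
    head = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(mac)}"

def validate(token, key, audience, now, seen_jti):
    """Return the claims if every check passes, otherwise raise ValueError."""
    try:
        head, body, sig = token.split(".")
        header, claims, given = json.loads(_b64d(head)), json.loads(_b64d(body)), _b64d(sig)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise TypeError("header and claims must be JSON objects")
    except Exception as exc:
        raise ValueError("malformed token") from exc
    # Forgery: pin the algorithm, then verify the MAC in constant time.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    want = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, given):
        raise ValueError("bad signature")
    # Substitution: a token issued to another client must not be accepted here.
    if claims.get("aud") != audience:
        raise ValueError("wrong audience")
    # Replay: bounded lifetime plus a one-time token id.
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        raise ValueError("expired")
    jti = claims.get("jti")
    if not jti or jti in seen_jti:
        raise ValueError("replayed token")
    seen_jti.add(jti)
    return claims
```

Claims are read only after the signature check succeeds, so nothing from an unauthenticated token influences the later decisions.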
Enable token in Redirect URI
Enabling tokens in the Redirect URI refers to a mechanism used in certain authentication protocols, such as OAuth 2.0 and OpenID Connect, to include access tokens or authorization codes directly in the URL of the redirect response sent from the authorization server to the client application.
When a user successfully authenticates with the authorization server and grants the necessary permissions, the server redirects the user's web browser back to the client application's specified Redirect URI. This redirection is a critical step in the authentication process, allowing the client application to obtain the necessary credentials to access protected resources on behalf of the user.
In Flow Overview you will find the Login URL and Registration URL. Using this authorization endpoint, you can initiate the login/registration page.
Once you have created the flow, you can see the flow login page settings.
Authentication Method Options Settings
Configure your preferred login methods from a variety of authentication options including traditional, social, classical and passwordless methods.
Login Access Control by Group and Role Configuration: Restrict login access to users in specific groups or roles, enabling effective implementation of departmental or sectional user restrictions.
Captcha Behaviour Settings:
Enhance security by incorporating CAPTCHA verification into your authentication process. Configure it to trigger under specific conditions, such as after a set number of failed login attempts, ensuring a balance between user convenience and protection against automated login attempts.
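One way such a trigger can be evaluated, as an added Python example (not the product's logic): the class name, thresholds, the sliding window and the choice to count failures per account and per source address are all assumptions; the addresses are documentation-range samples.

```python
from collections import deque

class CaptchaPolicy:
    """Require CAPTCHA once failures inside a sliding window reach a threshold."""

    def __init__(self, max_failures=3, window_seconds=900):
        self.max_failures = max_failures      # assumed: failed attempts before CAPTCHA
        self.window_seconds = window_seconds  # assumed: how long a failure counts
        self._failures = {}                   # ("user"|"ip", value) -> deque of timestamps

    def _recent(self, key, now):
        q = self._failures.get(key)
        if not q:
            return 0
        while q and now - q[0] > self.window_seconds:
            q.popleft()                       # drop failures older than the window
        return len(q)

    def captcha_required(self, username, ip, now):
        # Per-account count catches guessing spread over many addresses;
        # per-address count catches one source trying many accounts.
        return (self._recent(("user", username.lower()), now) >= self.max_failures
                or self._recent(("ip", ip), now) >= self.max_failures)

    def record_result(self, username, ip, success, now):
        user_key, ip_key = ("user", username.lower()), ("ip", ip)
        if success:
            # Reset only the account counter: one valid login must not
            # clear the history of the address it came from.
            self._failures.pop(user_key, None)
            return
        for key in (user_key, ip_key):
            self._failures.setdefault(key, deque()).append(now)
```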
Login Session Management:
Enable Multi-Device Login: Allow users to log in simultaneously from multiple devices for convenience.
Single Session Enforcement: Limit users to one active session at a time, enhancing security and preventing credential sharing.
Consent Settings:
Customize the collection and management of user consent for data processing to ensure compliance with privacy regulations and build user trust.
Multi-Factor Authentication (MFA) Settings:
These schemas are common to the user entity. In a business, the same user can assume various roles such as User, Driver, Investor, and more. Each user role requires different variables or inputs for user information. You can enable a field if it is needed for the flow. An Optional field works as follows: if the user needs the field, they can fill it in; otherwise they can leave it empty.
Registration Settings:
Once you have created the flow, you can see the flow Registration settings on the edit flow page.
Click the edit icon to open the Registration page settings page.
Configure your preferred login methods from a variety of authentication options including traditional, social, and passwordless methods.
Automatic Group and Role Assignment Configuration:
The authentication system provides dynamic schema settings to adapt to diverse user roles within your business. A single user entity can assume various roles such as User, Driver, Investor, etc., each requiring different variables or inputs for their respective information.
To address this, the system allows you to configure role-specific schemas. Using the dynamic schema form, you can:
Define the required variables or inputs for each user role.
Restrict certain variables from the master schema as per your business requirements.
This flexibility ensures that your authentication system remains aligned with your organizational needs, providing precise control over user information and role management.
CAPTCHA Behaviour Settings:
To enhance security and prevent automated registrations, the Product Registration Page can include a CAPTCHA verification feature. This mechanism ensures that only legitimate users can access the registration process.
If you want CAPTCHA, enable it.
Customize Schema Settings: The authentication system supports dynamic schema settings to accommodate different user roles within a business. These schemas are common to the user entity and allow flexibility in managing role-specific requirements.
For example, a single user might assume roles such as User, Driver, or Investor, each requiring distinct variables or inputs for their respective data.
Auto-Generate Password
When a user registers through passwordless providers such as social login or passwordless authentication and no classical account exists, the system automatically generates a password.
If you want the password to be auto-generated, enable this option.
Account Link settings: