Blueprints
Note: To configure Blueprints, you should first set up the master settings and then create a flow setting based on the master settings.
Blueprints list
In the Admin Console, click the Blueprint tab on the left, and you'll see the Flows table view on the right.
The Flows table contains the following fields:
Blueprint Name: A "Blueprint name" refers to the specific method or sequence of steps used to authenticate users and obtain access to protected resources in an application or system.
Description: A "Blueprint description" refers to a detailed explanation or documentation of the steps involved in a specific authentication flow. An authentication flow defines the sequence of interactions and exchanges of information between various parties, such as the client application, the user, and the authentication server or identity provider, to authenticate the user and grant access to protected resources.
Last Validation On: The timestamp of when the user last validated the flow.
Updated On: The timestamp of when the user last updated the flow.
Action: The Action has 3 icon named
Input a keyword in the search box above the Flow table, click the 'Search' button, and you'll see the matching Flows in the table. Search using Flow Name.
The Create Blueprint button is in the top right corner. Use it to create a new Blueprint.
To create a Flow, fill in the following fields:
Flow Name: A "Blueprint name" refers to the specific method or sequence of steps used to authenticate users and obtain access to protected resources in an application or system.
Description: A "Blueprint description" refers to a detailed explanation or documentation of the steps involved in a specific authentication flow. An authentication flow defines the sequence of interactions and exchanges of information between various parties, such as the client application, the user, and the authentication server or identity provider, to authenticate the user and grant access to protected resources.
Client Details: Select Client Type
Refer:
Client Details: Select Client
The clients you have created are listed in this dropdown.
Once you have selected the Client Type and Client, click the Save button to create the flow. Once the flow is created, you can set the Common Settings, Login Settings, and Registration Settings.
Activate forgot password option on login page: Enable this option if you want the forgot password option on the login screen. Otherwise, disable it.
Send Exact reply to user:
Send Notification for each Successful Password Reset to the User?: Enable this option if you want to notify the user after a successful password reset. Otherwise, disable it.
Refer: Give link -> Settings -> Hosted Page
Profile Page Access Control Settings: The authentication system offers a default profile page with built-in self-service features like Profile Update, MFA Configuration, User Activity, Reset My Password, Consent Activity, and Logout. You can manage access to these pages by enabling or disabling them for your customers, allowing precise control over their availability.
Refer: Give link -> Settings -> Password Policy
Refer: Give link -> Workflow -> Approval Workflow
Secret key: It will generate a secret key. Refer: Give link -> Settings -> Captcha
Customize OTP functionality in the login/registration flow to enhance user authentication. Configure the OTP Expiry Time (validity duration in seconds), OTP Size (number of digits), and Link Expiry Time (active duration of the OTP link in seconds) to ensure secure and timely user verification.
Enabling CAPTCHA in the security configuration of authentication is a security measure used to protect against automated bots and malicious activities during the user authentication process. CAPTCHA stands for "Completely Automated Public Turing test to tell Computers and Humans Apart."
The purpose of CAPTCHA is to verify that the user attempting to log in or access a certain resource is a real human and not a computer program or bot trying to perform automated attacks, such as brute-force attacks, credential stuffing, or other forms of unauthorized access.
Enabling token encryption in authentication refers to the process of encrypting security tokens before they are transmitted over a network or stored in a data store. Security tokens are used in various authentication and authorization protocols (such as OAuth 2.0, OpenID Connect, and SAML) to represent and carry information about a user's identity and access rights.
Token encryption is an essential security measure to protect the confidentiality and integrity of these tokens, ensuring that sensitive information remains secure during transmission and storage. Without encryption, tokens may be vulnerable to interception, tampering, or unauthorized access, potentially leading to security breaches and unauthorized access to user accounts or resources.
Do you want to enable strict transport policy?
Enabling Strict Transport Security (HSTS) in authentication is a security mechanism designed to enhance the protection of web applications against certain types of attacks, specifically those related to man-in-the-middle (MITM) and downgrade attacks. HSTS instructs web browsers to always connect to a website over a secure HTTPS connection, even if the user enters an HTTP URL or follows an insecure link.
When HSTS is enabled, the web server includes an HTTP response header called "Strict-Transport-Security" in its HTTPS responses. This header contains a security policy that informs the user's web browser to communicate with the website only via HTTPS for a specified duration. Once the browser receives this HSTS header, it will automatically redirect all HTTP requests to the HTTPS version of the website for the specified time, reducing the risk of exposure to various security threats.
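A check for the header described above, as an added example (not part of this product or its documentation). It audits one response's Strict-Transport-Security policy following RFC 6797; the finding names, the 180-day MIN_MAX_AGE floor and the sample headers in any call are assumptions made for the example.

```python
# Added example: audit a response's HSTS policy. All inputs are constructed.
MIN_MAX_AGE = 15552000  # assumed policy floor: 180 days, in seconds


def parse_hsts(value):
    """Split a Strict-Transport-Security value into {directive: value}."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()
        if not name:
            continue
        if name in directives:
            # RFC 6797: a directive may appear only once, else the header is invalid.
            raise ValueError("duplicate directive: " + name)
        directives[name] = arg.strip().strip('"')
    return directives


def audit_hsts(scheme, headers):
    """Return a list of findings for one response; an empty list means no issue.

    scheme  -- "http" or "https", the transport the response arrived on
    headers -- list of (name, value) tuples as received
    """
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if scheme != "https":
        # Browsers ignore HSTS received over plain HTTP, so it protects nothing here.
        return ["hsts-over-http-ignored"] if values else []
    if not values:
        return ["missing-header"]
    findings = []
    if len(values) > 1:
        findings.append("multiple-headers-only-first-used")
    try:
        policy = parse_hsts(values[0])
    except ValueError:
        return findings + ["invalid-header"]
    max_age = policy.get("max-age", "")
    if not (max_age.isascii() and max_age.isdigit()):
        return findings + ["invalid-max-age"]
    if int(max_age) == 0:
        findings.append("max-age-zero-clears-policy")
    elif int(max_age) < MIN_MAX_AGE:
        findings.append("max-age-too-short")
    if "includesubdomains" not in policy:
        findings.append("subdomains-not-covered")
    return findings
```

Feed it the scheme and headers captured from the flow's login URL and registration URL after enabling the setting; the first visit over HTTP is still unprotected until the browser has seen the header once over HTTPS.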
Enable client token validation
Enabling client token validation in authentication refers to the process of validating and verifying the authenticity and integrity of tokens presented by client applications during the authentication and authorization process. Tokens play a crucial role in modern authentication protocols, such as OAuth 2.0 and OpenID Connect, where they are used to represent and carry information about a user's identity and access rights.
Client token validation is an essential security measure to ensure that the tokens provided by client applications are legitimate and have not been tampered with or forged by malicious actors. Validating client tokens helps prevent various forms of token-based attacks, such as token replay attacks, token substitution attacks, and token forgery.
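The three attacks named above each map to one check, shown here as an added example (not this product's implementation). It assumes the token is an HS256-signed JWT with aud, exp and jti claims, which the page does not specify; sign_token, validate_token and the error names are hypothetical, and sign_token exists only to construct sample input.

```python
import base64, hashlib, hmac, json, time


def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_token(claims, key):
    """Build an HS256 token (used here only to construct sample input)."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(mac)}"


def validate_token(token, key, audience, seen_jti, now=None):
    """Return the claims, or raise ValueError naming the check that failed."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header, claims, mac = json.loads(_b64d(head)), json.loads(_b64d(body)), _b64d(sig)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise TypeError
    except Exception:
        raise ValueError("malformed") from None
    # Pin the algorithm: never let the token's own header choose it.
    if header.get("alg") != "HS256":
        raise ValueError("bad-alg")
    # Forgery or tampering: recompute the MAC and compare in constant time.
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("bad-signature")
    # Substitution: a token minted for another client must not be accepted.
    if claims.get("aud") != audience:
        raise ValueError("wrong-audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("expired")
    # Replay: each token id is accepted once; a token without an id is rejected.
    jti = claims.get("jti")
    if not isinstance(jti, str) or not jti or jti in seen_jti:
        raise ValueError("jti-missing-or-replayed")
    seen_jti.add(jti)
    return claims
```

The seen_jti set is in-memory for the example; a deployment with more than one server needs a shared store that keeps each id until the token's exp has passed.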
Enable token in Redirect URI
Enabling tokens in the Redirect URI refers to a mechanism used in certain authentication protocols, such as OAuth 2.0 and OpenID Connect, to include access tokens or authorization codes directly in the URL of the redirect response sent from the authorization server to the client application.
When a user successfully authenticates with the authorization server and grants the necessary permissions, the server redirects the user's web browser back to the client application's specified Redirect URI. This redirection is a critical step in the authentication process, allowing the client application to obtain the necessary credentials to access protected resources on behalf of the user.
In Flow Overview you will get the login URL and registration URL. Using this authorization endpoint, you can initiate the login/registration page.
Once you have created the flow, you can see the flow's login page settings.
Authentication Method Options Settings
Configure your preferred login methods from a variety of authentication options including traditional, social, classical and passwordless methods.
Login Access Control by Group and Role Configuration: Restrict login access to users in specific groups or roles, enabling effective implementation of departmental or sectional user restrictions.
Captcha Behaviour Settings:
Enhance security by incorporating CAPTCHA verification into your authentication process. Configure it to trigger under specific conditions, such as after a set number of failed login attempts, ensuring a balance between user convenience and protection against automated login attempts.
Login Session Management:
Enable Multi-Device Login: Allow users to log in simultaneously from multiple devices for convenience.
Single Session Enforcement: Limit users to one active session at a time, enhancing security and preventing credential sharing.
Consent Settings:
Customize the collection and management of user consent for data processing to ensure compliance with privacy regulations and build user trust.
Multi-Factor Authentication (MFA) Settings:
Enable: If you want MFA in your flow then you can enable this option.
=> Enable Multiple Login for User
The user can log in multiple times at the same time from different locations.
Post-login Configuration
=> Change Password After Password Reset
=> Allowed Login Types
If you enabled email, you can log in using your registered email ID; if you enabled mobile, you can use your registered mobile number to log in. If you enabled both, you can use both email and mobile number to log in.
=> Consent Configurations
Settings -> Consent link
If you want consent on your post-login screen, you can bind it.
Enable: If you want MFA in your flow then you can enable this option.
=> Register with Login Information
Once you have created the flow, you can see the flow's Registration settings on the edit flow page.
Click the edit icon to open the Registration page settings.
Configure your preferred login methods from a variety of authentication options including traditional, social, and passwordless methods.
Automatic Group and Role Assignment Configuration:
The authentication system provides dynamic schema settings to adapt to diverse user roles within your business. A single user entity can assume various roles such as User, Driver, Investor, etc., each requiring different variables or inputs for their respective information.
To address this, the system allows you to configure role-specific schemas. Using the dynamic schema form, you can:
Define the required variables or inputs for each user role.
Restrict certain variables from the master schema as per your business requirements.
This flexibility ensures that your authentication system remains aligned with your organizational needs, providing precise control over user information and role management.
CAPTCHA Behaviour Settings:
To enhance security and prevent automated registrations, the Product Registration Page can include a CAPTCHA verification feature. This mechanism ensures that only legitimate users can access the registration process.
If you want CAPTCHA, enable it.
Customize Schema Settings: The authentication system supports dynamic schema settings to accommodate different user roles within a business. These schemas are common to the user entity and allow flexibility in managing role-specific requirements.
For example, a single user might assume roles such as User, Driver, or Investor, each requiring distinct variables or inputs for their respective data.
=> Registration Form Settings
The "Registration Form Settings" section empowers you to customize the user onboarding experience by configuring registration field options. This allows you to adapt your registration process to match your platform's requirements and user preferences. Let's delve into the details of this powerful feature:
The "Set Progressive Registration as Skippable" field offers you flexibility in how users complete their registration. When enabled, this option allows users to skip certain registration fields during the progressive registration flow. This is particularly useful for streamlining the onboarding experience and allowing users to provide additional information at a later time.
Enabling and Disabling Registration Fields
Registration Fields: Settings => Registration Fields.
Refer:
Accessing Field Configuration: Within the "Registration Form Settings," you'll find a table listing the registration fields.
Customizing Field Status: The table contains:
Field Key: Key name of the field.
Field Type: Type of the field (e.g. Text, Number).
Status: Whether the field is enabled or not.
Action: Each field has an associated enable/disable switch. Use these switches to determine whether each field is active (enabled) or inactive (disabled) on your registration page.
Adapting to Needs: Depending on your platform's specifics, enable or disable the necessary fields to tailor the registration process. You can choose to collect only the essential information during initial signup and allow users to provide additional details later.
The "Available Approval Workflows" field offers a centralized view of the different authorization processes you've established. Each workflow represents a series of steps that guide actions through approval stages.
Use the selection field to choose the appropriate approval workflow for the specific action you're configuring. Workflows can vary based on the complexity and importance of the action.
The "Send Welcome Message" card provides you with a delightful way to greet users as they join your platform. This feature allows you to choose how you want to send welcome messages, ensuring that users feel valued and informed from the moment they sign up. Let's explore the options available for sending these messages:
The "Email" option enables you to send a welcome message to users through their email addresses. A well-crafted email can provide essential information, highlight platform features, and encourage users to explore further.
SMS
The "SMS" option allows you to send welcome messages directly to users' mobile phones via text messages. SMS messages are concise yet impactful, making them an ideal choice for delivering quick greetings and essential details to users on the go.
IVR (Interactive Voice Response)
The "IVR" option takes welcome greetings to the next level by allowing you to send an automated voice message to users through a phone call. This interactive approach provides a human touch, and users can listen to the message and follow prompts for more information.
Enabling Welcome Message Options: Within the "Send Welcome Message" card, you'll find the "Email," "SMS," and "IVR" options. You can enable each of them there.
The "Auto Login After Registration" feature has a switch that you can turn on or off. When you turn it on, users will be automatically logged in as soon as they finish signing up. This saves them from having to type in their login details again, so they can start using their accounts right away.
Use the enable field to turn on the "Auto Login After Registration" feature.