Blueprints
Note: To configure Blueprints, you should first set up the master settings and then create a flow setting based on the master settings.
Blueprints list
In the Admin Console, click the Blueprint tab on the left, and you'll see the Flows table view on the right.
The Flows table contains the following fields:
Blueprint Name: A "Blueprint name" refers to the specific method or sequence of steps used to authenticate users and obtain access to protected resources in an application or system.
Description: A "Blueprint description" refers to a detailed explanation or documentation of the steps involved in a specific authentication flow. An authentication flow defines the sequence of interactions and exchanges of information between various parties, such as the client application, the user, and the authentication server or identity provider, to authenticate the user and grant access to protected resources.
Last Validation On: The timestamp of when the user last validated the flow.
Updated On: The timestamp of when the user last updated the flow.
Action: The Action has 3 icon named
Input a keyword in the search box above the Flow table, click the 'Search' button, and you'll see the matching Flows in the table. Search using Flow Name.

Create Flow
The Create Blueprint button is in the top right corner. Use it to create a new Blueprint.
To create a Flow, fill in the following fields:

Basic Flow Details
Flow Name: A "Blueprint name" refers to the specific method or sequence of steps used to authenticate users and obtain access to protected resources in an application or system.
Description: A "Blueprint description" refers to a detailed explanation or documentation of the steps involved in a specific authentication flow. An authentication flow defines the sequence of interactions and exchanges of information between various parties, such as the client application, the user, and the authentication server or identity provider, to authenticate the user and grant access to protected resources.
Configure
Client Details: Select Client Type
Refer:

Client Details: Select Client
The clients you have created are listed in this dropdown.

Once you have selected the Client Type and Client, click the Save button to create the flow. After the flow is created, you can set the Common Settings, Login Settings, and Registration Settings.
Common Settings
Customize User's Password Reset Behavior:

Activate forgot password option on login page: Enable this option if you want the forgot password option to appear on the login screen. Otherwise, disable it.
Send Exact reply to user:
Send Notification for each Successful Password Reset to the User?: Enable this option if you want to notify the user after a successful password reset. Otherwise, disable it.
Site Group Setting:
Our site group settings allow businesses to customize the UI for different departments or sections by configuring multiple themes for self-service pages (e.g., Login, Register, Forgot Password, MFA). These themes can be applied dynamically based on your configuration needs.

CAPTCHA Settings:
Authentication supports enabling Google reCAPTCHA to enhance security on login and register pages. You can choose a preconfigured CAPTCHA from the master settings or create a new one under Settings > CAPTCHA.

Refer: Settings -> Hosted Page
Profile Page Access Control Settings: The authentication system offers a default profile page with built-in self-service features like Profile Update, MFA Configuration, User Activity, Reset My Password, Consent Activity, and Logout. You can manage access to these pages by enabling or disabling them for your customers, allowing precise control over their availability.

Refer: Settings -> Password Policy
Connectors:

Refer: Workflow -> Approval Workflow
Access Control by MAC Address:
Enhance network security by managing device access through MAC address-based control. Create logical groups, assign MAC addresses to these groups, and configure permissions to allow or block network access, ensuring streamlined administration and reliable security.

Secret key: Generates a secret key.
Refer: Settings -> Captcha
OTP and Link Expiry Settings:
Customize OTP functionality in the login/registration flow to enhance user authentication. Configure the OTP Expiry Time (validity duration in seconds), OTP Size (number of digits), and Link Expiry Time (active duration of the OTP link in seconds) to ensure secure and timely user verification.

Enable Cache:
Enabling CAPTCHA in the security configuration of authentication is a security measure used to protect against automated bots and malicious activities during the user authentication process. CAPTCHA stands for "Completely Automated Public Turing test to tell Computers and Humans Apart."
The purpose of CAPTCHA is to verify that the user attempting to log in or access a certain resource is a real human and not a computer program or bot trying to perform automated attacks, such as brute-force attacks, credential stuffing, or other forms of unauthorized access.
Enable Token Encryption:
Enabling token encryption in authentication refers to the process of encrypting security tokens before they are transmitted over a network or stored in a data store. Security tokens are used in various authentication and authorization protocols (such as OAuth 2.0, OpenID Connect, and SAML) to represent and carry information about a user's identity and access rights.
Token encryption is an essential security measure to protect the confidentiality and integrity of these tokens, ensuring that sensitive information remains secure during transmission and storage. Without encryption, tokens may be vulnerable to interception, tampering, or unauthorized access, potentially leading to security breaches and unauthorized access to user accounts or resources.
Enable client token validation
Enabling client token validation in authentication refers to the process of validating and verifying the authenticity and integrity of tokens presented by client applications during the authentication and authorization process. Tokens play a crucial role in modern authentication protocols, such as OAuth 2.0 and OpenID Connect, where they are used to represent and carry information about a user's identity and access rights.
Client token validation is an essential security measure to ensure that the tokens provided by client applications are legitimate and have not been tampered with or forged by malicious actors. Validating client tokens helps prevent various forms of token-based attacks, such as token replay attacks, token substitution attacks, and token forgery.
Enable token in Redirect URI
Enabling tokens in the Redirect URI refers to a mechanism used in certain authentication protocols, such as OAuth 2.0 and OpenID Connect, to include access tokens or authorization codes directly in the URL of the redirect response sent from the authorization server to the client application.
When a user successfully authenticates with the authorization server and grants the necessary permissions, the server redirects the user's web browser back to the client application's specified Redirect URI. This redirection is a critical step in the authentication process, allowing the client application to obtain the necessary credentials to access protected resources on behalf of the user.
Just-In-Time (JIT) Provisioning Settings:
JIT provisioning automatically creates and configures user accounts during their first login, streamlining user management. This approach eliminates pre-provisioning, granting access only when needed and based on users' roles or attributes.

Blueprint Overview

In Flow Overview you will get the login URL and registration URL. Using this authorization endpoint you can initiate the login/registration page.

Login Settings
Once you have created the flow, you can see the flow's login page settings.

Authentication Method Options Settings
Configure your preferred login methods from a variety of authentication options including traditional, Social, Classical, SAML, WS-FED, AD, REST, Kerberos and Passwordless methods.

Login Access Control by Group and Role Configuration: Restrict login access to users in specific groups or roles, enabling effective implementation of departmental or sectional user restrictions.

CAPTCHA Behaviour Settings:
Enhance security by incorporating CAPTCHA verification into your authentication process. Configure it to trigger under specific conditions, such as after a set number of failed login attempts, ensuring a balance between user convenience and protection against automated login attempts.

Account Lockout Settings:
The Account Lockout Settings feature helps safeguard user accounts from unauthorized access by limiting repeated failed login attempts. This configuration allows administrators to define the maximum number of failed login attempts permitted before an account is temporarily locked, along with the duration of the lockout and the monitoring interval.
Invalid Login Failure Count: Specifies the number of consecutive failed login attempts allowed before the account is locked.
Lockout Duration (in seconds): Determines how long the account remains locked once the threshold is reached.
Lockout Interval Window (in seconds): Defines the time window during which consecutive failed attempts are counted toward the lockout threshold.
This feature enhances system security by mitigating brute-force attacks and ensuring that repeated unauthorized login attempts are effectively controlled.
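How the three lockout settings interact, as an added Python sketch that is not the product's own code; the class, method and variable names are assumptions. It assumes the account locks when the failure count is reached and that a successful login resets the count.

```python
from collections import defaultdict, deque

class LockoutPolicy:
    """Hypothetical model of the three Account Lockout settings (not product code)."""

    def __init__(self, failure_count, lockout_duration, interval_window):
        self.failure_count = failure_count        # Invalid Login Failure Count
        self.lockout_duration = lockout_duration  # Lockout Duration (seconds)
        self.interval_window = interval_window    # Lockout Interval Window (seconds)
        self._failures = defaultdict(deque)       # user -> timestamps of recent failures
        self._locked_until = {}                   # user -> time the lock expires

    def is_locked(self, user, now):
        until = self._locked_until.get(user)
        if until is not None and now < until:
            return True
        self._locked_until.pop(user, None)        # lock expired, forget it
        return False

    def record_attempt(self, user, success, now):
        """Return 'ok', 'failed' or 'locked' for one login attempt at time `now`."""
        if self.is_locked(user, now):
            return "locked"                       # rejected even if the password is right
        failures = self._failures[user]
        if success:
            failures.clear()                      # a success ends the consecutive run
            return "ok"
        failures.append(now)
        while now - failures[0] > self.interval_window:
            failures.popleft()                    # too old to count toward the threshold
        if len(failures) >= self.failure_count:
            self._locked_until[user] = now + self.lockout_duration
            failures.clear()
            return "locked"
        return "failed"

# Constructed sample: (time in seconds, user, password correct?)
SAMPLE_EVENTS = [(0, "alice", False), (20, "alice", False), (90, "alice", False),
                 (100, "alice", False), (110, "alice", False),
                 (200, "alice", True), (410, "alice", True)]

def simulate(events, policy):
    return [policy.record_attempt(user, ok, t) for t, user, ok in events]

if __name__ == "__main__":
    print(simulate(SAMPLE_EVENTS, LockoutPolicy(3, 300, 60)))
```

In the sample, the failures at 0 s and 20 s have aged out of the 60-second window by the attempt at 90 s, so the lock only triggers on the third failure inside one window (at 110 s) and a correct password at 200 s is still refused.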

Login Session Management:
Enable Multi-Device Login: Allow users to log in simultaneously from multiple devices for convenience.
Single Session Enforcement: Limit users to one active session at a time, enhancing security and preventing credential sharing.

Authentication Profile Settings:
The Authentication Profile Settings feature allows administrators to define the preferred authentication method for user login. By selecting an appropriate authentication profile, organizations can tailor the login experience to balance security and user convenience.
Available Options:
User Identifier + Password: Traditional login method where users provide both a unique identifier (such as a username or email) and a password for authentication.
User Identifier First: Two-step login process where users first enter their identifier, followed by a dynamically chosen authentication method based on their profile.
User Identifier First + Passwordless: Modern, secure authentication flow where users identify themselves first and then log in using a passwordless method such as Email OTP, TOTP, or biometric verification.


Consent Settings:
Customize the collection and management of user consent for data processing to ensure compliance with privacy regulations and build user trust.

Multi-Factor Authentication (MFA) Settings:
These schemas are common to the user's entity. In a business, the same user can assume various roles such as User, Driver, Investor, and more. Each user role requires different variables or inputs for user information. You can enable a field if it is needed for the flow. When a field is set to Optional, users can fill it in if they need it or leave it blank.

Fraud Anomaly Detection Configuration:
The Fraud Anomaly Detection Configuration feature enhances account security by identifying and responding to unusual login behaviors or potential fraudulent activities. It leverages both Direct Findings and Prediction Findings to detect anomalies and trigger additional verification through Multi-Factor Authentication (MFA).
Enable Anomaly Detection: Activates real-time monitoring to identify suspicious login activities based on device, location, or login time irregularities.
Email Notification for New Device, Location, or Unusual Login Time: Sends alerts to administrators and users whenever a login attempt occurs from an unfamiliar source or under abnormal conditions.
Direct Finding Location Distance (km): Defines the distance threshold for detecting anomalies in login location. If a login occurs outside this range, MFA is triggered.
Prediction Finding Location Distance (km): Uses historical login patterns to predict and detect deviations, such as unusual time zones or access times, and prompts MFA when discrepancies are found.

Note: This feature provides an intelligent layer of protection against unauthorized access by continuously learning user behavior, identifying risks in real time, and enforcing adaptive security measures.
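A sketch of the direct-finding checks described above (new device, location distance in km, unusual login time), added here as an example and not taken from the product. The record layout, function names and the 2-hour tolerance are assumptions; the prediction finding is not modelled.

```python
import math

EARTH_RADIUS_KM = 6371.0
HOUR_TOLERANCE = 2  # assumption: logins within 2 hours of a usual hour are normal

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))

def hour_gap(a, b):
    """Distance between two hours of day on a 24-hour clock (23 and 1 are 2 apart)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)

def direct_findings(history, attempt, distance_km):
    """List the anomalies in `attempt` relative to the user's previous logins.
    With no history, every check reports a finding."""
    findings = []
    if attempt["device"] not in {h["device"] for h in history}:
        findings.append("new_device")
    nearest = min((haversine_km(h["geo"], attempt["geo"]) for h in history),
                  default=math.inf)
    if nearest > distance_km:                 # outside Direct Finding Location Distance
        findings.append("new_location")
    if all(hour_gap(attempt["hour"], h["hour"]) > HOUR_TOLERANCE for h in history):
        findings.append("unusual_time")
    return findings

def requires_mfa(history, attempt, distance_km):
    return bool(direct_findings(history, attempt, distance_km))

# Constructed sample history and login attempts
HISTORY = [{"device": "laptop-1", "geo": (13.0827, 80.2707), "hour": 9},
           {"device": "phone-1", "geo": (12.9716, 77.5946), "hour": 18}]
USUAL = {"device": "laptop-1", "geo": (13.05, 80.25), "hour": 10}
FAR_AWAY = {"device": "tablet-9", "geo": (1.3521, 103.8198), "hour": 3}
LATE = {"device": "phone-1", "geo": (12.98, 77.60), "hour": 23}

if __name__ == "__main__":
    for attempt in (USUAL, FAR_AWAY, LATE):
        print(attempt["device"], direct_findings(HISTORY, attempt, distance_km=100))
```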
Registration Settings:
Once you have created the flow, you can see the flow's Registration settings on the edit flow page.
Click the edit icon to open the Registration page settings.

Customize Your Preferred Onboarding Methods
Configure your preferred login methods from a variety of authentication options including traditional, Social, Classical, SAML, WS-FED, AD, REST, Kerberos and Passwordless methods.

Automatic Group and Role Assignment Configuration:
The authentication system provides dynamic schema settings to adapt to diverse user roles within your business. A single user entity can assume various roles such as User, Driver, Investor, etc., each requiring different variables or inputs for their respective information.
To address this, the system allows you to configure role-specific schemas. Using the dynamic schema form, you can:
Define the required variables or inputs for each user role.
Restrict certain variables from the master schema as per your business requirements.
This flexibility ensures that your authentication system remains aligned with your organizational needs, providing precise control over user information and role management.

Conditional Group and Role Assignment:
The Conditional Group and Role Assignment Configuration feature enables dynamic role and group assignment based on predefined user attributes such as department, designation, or other profile details. Administrators can create condition groups using logic to define complex rules that match specific user criteria.
When a user’s attributes meet the defined conditions, the corresponding groups and roles are automatically assigned, ensuring accurate access control and efficient onboarding. Administrators retain the flexibility to manually adjust assignments when needed, providing both automation and control in user management.
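An added example of how condition groups with AND/OR logic can be evaluated against user attributes (not the product's rule engine; the rule format, operator names and sample values are assumptions). It treats an empty condition group and a missing attribute as non-matching, so a half-configured rule cannot hand its roles to every user.

```python
# Hypothetical operators a condition may use.
OPS = {
    "equals": lambda actual, expected: actual == expected,
    "in": lambda actual, expected: actual in expected,
    "ends_with": lambda actual, expected: isinstance(actual, str) and actual.endswith(expected),
}

def matches(node, attrs):
    """Evaluate one condition or a nested 'all' (AND) / 'any' (OR) group."""
    for key, combine in (("all", all), ("any", any)):
        if key in node:
            children = node[key]
            # all([]) is True in Python, so an empty group must be rejected explicitly.
            return bool(children) and combine(matches(c, attrs) for c in children)
    op = OPS[node["op"]]          # unknown operator raises KeyError instead of matching
    if node["attr"] not in attrs:
        return False              # a missing attribute never satisfies a condition
    return op(attrs[node["attr"]], node["value"])

def assign(rules, attrs):
    """Return (groups, roles) granted to a user with the given attributes."""
    groups, roles = set(), set()
    for rule in rules:
        if matches(rule["when"], attrs):
            groups.update(rule["groups"])
            roles.update(rule["roles"])
    return sorted(groups), sorted(roles)

# Constructed sample rules. The second one has an empty condition group,
# the kind of misconfiguration that must not grant anything.
RULES = [
    {"when": {"all": [
        {"attr": "department", "op": "equals", "value": "Finance"},
        {"any": [{"attr": "designation", "op": "in", "value": ["Manager", "Director"]},
                 {"attr": "email", "op": "ends_with", "value": "@corp.example"}]}]},
     "groups": ["finance"], "roles": ["approver"]},
    {"when": {"all": []}, "groups": ["everyone"], "roles": ["admin"]},
]

if __name__ == "__main__":
    print(assign(RULES, {"department": "Finance", "designation": "Manager"}))
    print(assign(RULES, {"department": "Finance", "designation": "Clerk"}))
```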

CAPTCHA Behaviour Settings:
To enhance security and prevent automated registrations, the Product Registration Page can include a CAPTCHA verification feature. This mechanism ensures that only legitimate users can access the registration process.

Enable this option if you want CAPTCHA on the registration page.
Customize Schema Settings: The authentication system supports dynamic schema settings to accommodate different user roles within a business. These schemas are common to the user entity and allow flexibility in managing role-specific requirements.

User Onboarding Workflow
The User Onboarding Workflow feature allows administrators to define and automate the sequence of actions that occur during a user’s onboarding process. By selecting a predefined or custom workflow, the system can execute a series of steps such as email verification, SMS verification, custom triggers, or other event-driven actions.
This feature ensures a consistent, secure, and streamlined onboarding experience by automating identity verification and activation steps. Administrators can easily select and manage workflows that best fit organizational requirements, improving both user experience and operational efficiency.


Auto-Generate Password
When a user registers through passwordless providers such as social login or passwordless authentication and no classical account exists, the system automatically generates a password.
Enable this option if you want the password to be auto-generated.

Account Link settings:
