Identity Manager

General

A: Normal web application login requires users to provide a unique password to verify their online identity. However, the web application cannot verify the physical identity of the user who submitted the password. This can cause online identity theft.



Fig. 1 Normal website operation without AllWebID 2FA

AllWebID Identity Manager makes user passwords more personalized by linking them to the users’ fingerprints or to their cell phones. AllWebID enables web applications to verify the physical identity of the user before accepting their passwords for login.

When users log into an AllWebID 2FA enabled web application, they are required to provide their passwords. They are then required to identify themselves by providing either their fingerprint template or a one-time-use PIN code that is texted to their cell phones. Once AllWebID validates the second factor, the web application allows the users to log in.



Fig. 2 Website login process with AllWebID 2FA

A: AllWebID Identity Manager offers two types of identity authentication options to the users.

  • Match user fingerprint templates by using fingerprint sensors
  • Match one-time-use PIN codes that are texted to the user’s cell phone.

AllWebID offers plug-and-play support for several USB based fingerprint readers including Eikon, Eikon II, Eikon Touch 510, Eikon Touch 710, Digital Persona U.are.U 4500 and U.are.U 4000.

It also supports embedded sensors that are manufactured by Validity / Synaptics (VFS201, VFS301). These are mostly embedded in selected laptops from HP, Lenovo (ThinkPad Edge E40, E50, X220), and Panasonic (Toughbook CF-C1, S9). Fingerprint based authentication provides a higher level of security and ease of use for the users.

In addition to fingerprint sensors, AllWebID Identity Manager also supports all cell phones including smart phones for text message based authentication.

A: Integrating with AllWebID Identity Manager is a quick and easy process. Following are the steps:

  • Sign up for an AllWebID Admin Account for 2FA services
    • Open AllWebID Identity Manager Registration page.
    • Fill in user details.
    • Fill in user mobile phone number.
    • Click Verify.
    • An SMS will be sent to your mobile phone with a one-time-use PIN code.
    • Enter the PIN code.
    • Click Complete Registration.
    • An email will be sent to your email address with an activation link.
    • Use the activation link in the email to activate your account.
  • Log into AllWebID Admin Portal
    • Open AllWebID Identity Manager Login page.
    • Fill in username and password.
    • Click Verify.
    • An SMS will be sent to your registered mobile phone with a PIN code.
    • Enter the PIN code.
    • Click Login.
  • Integrate your website and get an Integration Key
    • Click on Add Website Integration from the Admin portal menu.
    • Fill in website details.
    • Click on Add.
  • Download Fingerprint Management application. (Required only if fingerprint based authentication will be used)
  • Customize web pages by adding AllWebID APIs

A: The web application will continue to authenticate its users on the web server using its standard login procedure (i.e. single factor authentication). It will then make an API call to the AllWebID cloud to check for the second factor authentication method.

CheckUser2FAMethod (string APIKey, string Username)

The first parameter in the API call is the API Key. This is the Integration Key which was generated on the AllWebID Admin Portal. The second parameter is the Username of the person logging into the web application.

A: Below is the list of API calls

| Description | API Call |
|---|---|
| Checking for second factor authentication method | CheckUser2FAMethod (string APIKey, string Username) |
| To generate an encrypted session token for fingerprint authentication | GenerateSessionToken (string APIKey, string Username) |
| To generate a Pin Code that will be sent to the user’s registered mobile phone | SendPinBySMS (string APIKey, string Username) |
| To verify the Pin Code entered by the user | VerifySMSPin (string APIKey, string Username, string pincode) |
| To authenticate the generated session token of a specific user | AuthenticateSessionToken (string APIKey, string Username) |
| To reset the value of the generated session token | ResetSessionToken (string APIKey, string Username) |

The first parameter in the API call is the API Key. This is the Integration Key which was generated on the AllWebID Admin Portal. The second parameter is the Username of the person logging into the web application.
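The SMS login sequence described above, as an added example that is not AllWebID's own SDK code: the session stays in a pending state after the password check and becomes authenticated only once VerifySMSPin succeeds. `FakeAllWebID` is a constructed stand-in for the cloud service, and the return values ("SMS"/"SMSFP" mode strings, booleans), the session keys and the helper names are assumptions; the fingerprint path and users with 2FA disabled are not covered.

```python
import hmac
import secrets

API_KEY = "PLACEHOLDER-INTEGRATION-KEY"  # keep server-side only, never in page source


class FakeAllWebID:
    """Constructed in-memory stand-in for the AllWebID cloud (return values assumed)."""

    def __init__(self, modes):
        self.modes, self.pins = modes, {}

    def CheckUser2FAMethod(self, api_key, username):
        return self.modes.get(username) if api_key == API_KEY else None

    def SendPinBySMS(self, api_key, username):
        self.pins[username] = f"{secrets.randbelow(10**6):06d}"
        return True

    def VerifySMSPin(self, api_key, username, pincode):
        expected = self.pins.pop(username, None)  # one-time use: consumed on any attempt
        return expected is not None and hmac.compare_digest(
            expected.encode(), pincode.encode())


def begin_login(svc, session, username, password_ok):
    """First factor was checked by the web application; now start the second."""
    session.clear()
    if not password_ok:
        return "denied"
    mode = svc.CheckUser2FAMethod(API_KEY, username)
    if mode not in ("SMS", "SMSFP"):  # unknown user or failed call: fail closed
        return "denied"
    if not svc.SendPinBySMS(API_KEY, username):
        return "denied"
    session["pending_user"] = username  # password accepted, but NOT logged in yet
    return "pin_required"


def complete_login(svc, session, pincode):
    """Only a verified PIN turns the pending state into an authenticated session."""
    username = session.pop("pending_user", None)
    if username is None or not svc.VerifySMSPin(API_KEY, username, pincode):
        return "denied"
    session["user"] = username
    return "logged_in"
```

Protected pages should check for `session["user"]` only; treating `pending_user` as a login would let a password alone bypass the second factor.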

Registration and Setup

A: Select the Start Free Trial button from our website. Fill in the details and create a free account on the Free Trial Registration page. An account activation link will be sent to the registered email address. Activate your newly created Free Trial account by clicking the activation link.

A: On the Client Login page, click the Forgot Password link. Provide your registered email address. An email will be sent to your registered email address with a link to reset your forgotten password. Click on the link in the email; this will take you to another page where you can enter your new password.

A: The Free Trial allows you to integrate the login workflows for up to two websites / portals with the Identity Manager Service. The following are possible in the Free Trial:

  • 01 x Enterprise, 01 x SaaS
  • 02 x Enterprise
  • 02 x SaaS

A: The Free Trial allows you to enroll 10 users per website / portal.

A: In addition to your registered username and password, your cell phone will be used to authenticate you by text message when you log in to the admin console.

A: Go to Home Page -> Support -> Client Login. This will take you to a Client login page. Enter your registered username and password and press Verify. You will receive a text message from AllWebID SMS server with a one-time use PIN code. Enter the PIN code in the field and press Submit. You will be logged into the Admin Console.

A: Log into the Identity Manager Admin console. From the menu bar, go to Website Integration -> Add Integration. Provide the name of the portal / website to be secured with AllWebID Identity Manager. The name should be unique for every website integration. In the Website URL field, provide the URL of the portal / website to be integrated. Select the technology platform for your portal / website. We currently support websites developed in ASP.NET or PHP. The two remaining fields, Authentication URL and Redirection URL, will be filled in automatically based on the selected technology. These URLs will be used in your integration. The sample scripts provided with the SDK explain the exact use and place of these URLs. If for any reason you want to change the generated URLs, you can do so by modifying them. Click the Add button to generate the Integration. An authentication email will be sent to your registered email address. The email will include a unique Integration Key. This is specifically created for your website integration and should be stored securely. Use the Integration Key from the email in the Access Layer APIs provided in the SDK download package while integrating your portal.
You can use the sample scripts available in the SDK package for the selected technology to add 2FA to your portal / website user registration and login pages.

A: Once you make the website integration, you will be sent a unique Integration Key in an email to your registered email account. This integration key is exclusively generated for your registered account and will be used for integration(s) with AllWebID using our APIs. The integration key must be kept confidential. Use sample scripts to find out how to use the integration key with our APIs.

A: From the menu bar of the Admin console, go to Integration -> Manage Integrations. A list of your integrated websites / portals will be displayed on the console with website names. You can manage the following functions:

  • Enable or Disable an integration with AllWebID Identity Manager.
  • Modify the integration details by clicking the Edit button on the console. The editable parameters are Website Name, Authentication URL and Redirection URL.
  • Remove an integration. This will permanently remove the website from AllWebID Identity Manager. If you need to integrate the website again, please refer to the integration process.

Operations

A: As an admin, you can also monitor the login activities of your enrolled users. The Activity Log Console provides you with the real-time status of all the secure login attempts to the integrated websites and portals. The console displays the Username of the registered user, Website Name, Activity performed, the result of the performed activity and the time of the activity. The activities that are captured by the Activity Log console are User 2FA Registration, Login Through SMS, and Login Through Fingerprint.

A: In the Download Logs section on the Activity Log console, select the Start Date and End Date of the logs to be downloaded. Provide the Username or select the All Users radio button from the console to generate and download the activity of a single user or all users for the specified time period. Press the Download button and save the activity log to a folder on your machine.

A: On the menu bar of the Admin console, go to User Management -> Add User. Enter username of the user to be added. Select Country from the drop down list and add the Cell number of the user and click Add. Please input the cell phone number without any spaces or special characters (e.g. -,_. etc).

A: On the menu bar of the Admin console, go to User Management -> Add User. In the bottom section of the console, click the Choose File button to select the file containing the Usernames and the Cell Phone numbers of the users that need to be added. Click the Import button to add all users from the CSV file. The CSV file should be in the following format.

  • Username, Cell Phone Number
  • Username, Cell Phone Number
  • …………….
  • Username, Cell Phone Number

Please ensure that the cell phone number includes the “+” sign and the country code. Do not include any spaces or special characters (e.g. -,_. etc). For example:

Cell Phone number in US: +1xxxxxxxxxx

Cell Phone number in UK: +44xxxxxxxxxx

Cell Phone number in Italy: +39xxxxxxxxxx
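A pre-import check for the CSV format described above, as an added example that is not part of the AllWebID tooling: it flags rows whose phone number would not satisfy the stated rules, since a malformed number means the second factor cannot reach the intended user. The function name, the digit-count bound, the trimming of whitespace around fields, the duplicate-username check and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import re

# "+" then country code and number, digits only. The 7-15 digit bound is an
# added assumption (E.164 maximum), not a rule stated on the page.
PHONE_RE = re.compile(r"\+[1-9][0-9]{6,14}")


def validate_user_csv(text):
    """Return (rows, errors) for 'Username, Cell Phone Number' lines."""
    rows, errors, seen = [], [], set()
    for lineno, rec in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not any(field.strip() for field in rec):
            continue  # skip blank lines
        if len(rec) != 2:
            errors.append(f"line {lineno}: expected 2 fields, got {len(rec)}")
            continue
        # Whitespace around a field is trimmed; whitespace inside it is rejected.
        username, phone = rec[0].strip(), rec[1].strip()
        if not username:
            errors.append(f"line {lineno}: empty username")
        elif username in seen:
            errors.append(f"line {lineno}: duplicate username {username!r}")
        elif not PHONE_RE.fullmatch(phone):
            errors.append(f"line {lineno}: bad phone number {phone!r}")
        else:
            seen.add(username)
            rows.append((username, phone))
    return rows, errors


# Constructed sample input: two valid rows and four that should be rejected.
SAMPLE = """alice, +14155550100
bob, +44 7700 900123
carol, 0039061234567
dave, +39-06-1234567
alice, +14155550199
erin, +393331234567
"""

if __name__ == "__main__":
    good, bad = validate_user_csv(SAMPLE)
    print(good)
    print("\n".join(bad))
```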

A: On the menu bar of the Admin console, go to User Management -> User Profile. All added users with their usernames and registered cell numbers will be listed. Edit the cell number to be changed and click the Save button.

A: On the menu bar of the Admin console, go to User Management -> User Profile. Click on the Remove icon against the username you intend to remove. This will remove the user from your integration.

A: No. You have the option to enable fingerprint registration for either a selective number of users or for all your users. You can control their authentication mode from the Admin console. To allow the user to register his / her fingerprint, go to User Management -> User Profile and click the Register FP button displayed next to the username whose fingerprints need to be registered. This will send an SMS with a one-time PIN code to the registered cell number of the user. This PIN code will be used in the Identity Manager application running on the user’s computer to invoke the fingerprint registration process.

A: On the menu bar of the Admin console, go to User Management -> User Profile. Click the Modify FP button displayed next to the username whose fingerprints need to be modified. This will send an SMS with a one-time PIN code to the registered cell number of the user. This PIN code will be used in the Identity Manager application running on the user’s computer to invoke the fingerprint registration process.

A: Yes, on the menu bar of the Admin console, go to User Management -> Web Profile. Select the website integration from the drop down list. All users in that integration will be displayed. You can change the authentication mode to SMS (SMS only) or SMSFP (SMS or fingerprint) for any user. You can also Enable or Disable the 2FA for any displayed username from this console. To save the changes, click the Save button. To enable or disable 2FA for all users of the selected website integration, click the Enable All or Disable All button from the console.

A: You can use the SaaS solution APIs to add 2FA management capabilities for end users on your websites / portals. Once users are logged into their accounts, they will have the option to register / modify their cell phone numbers, and their fingerprint templates. Users will also have the option to enable or disable their 2FA based login.