Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Authentication

Authentication FAQ

search
printsuggest an editpdf paneldownload

Authentication FAQ

copy link to clipboardDoes the OneWelcome Identity Platform provide only 2FA?

No, the OneWelcome Identity Platform does not provide only two-factor authentication (2FA) with SMS, voice, or email as a standalone component. If you already have a solution for the first factor factor of authentication, and want to add SMS, voice, or email as a second factor, you can use SafeNet Trusted Access (STA).

copy link to clipboardCan I build my own user interface and use the OneWelcome Identity Platform APIs for authentication?

Yes, you can but that approach has some serious disadvantages, because it means using the password grant type in OAuth and OpenID, which has been deprecated. With this approach, the user interface runs on one domain, whereas the whole tenant or segment has a different domain attached to it with a DNS name, where all the backend services are running. This makes the ecosystem very complex because it includes cross-domain cookies. Browsers are very strict with cross-domain cookies, so this approach can lead to the loss of standard out-of-the-box features like re-authentication and step-up authentication.

copy link to clipboardCan I offer different authentication methods to a distinct user population?

Yes, you can offer various authentication methods to a user population based on the brand and user constituency.

For example, you can determine that on brand A, you have a username and password combination with Google as a login mechanism. On brand B, you use a magic link with Facebook, and on brand C you have something else.

copy link to clipboardCan I use federated login using my existing identity provider?

Yes, the OneWelcome Identity Platform supports login with federation. Federation is supported if it is based on the standards of SAML, OAuth, or OpenID Connect.

On this page