Authentication FAQ
Does the OneWelcome Identity Platform provide only 2FA?
No, the OneWelcome Identity Platform does not provide two-factor authentication (2FA) with SMS, voice, or email as a standalone component. If you already have a solution for the first factor of authentication and want to add SMS, voice, or email as a second factor, you can use SafeNet Trusted Access (STA).
Can I build my own user interface and use the OneWelcome Identity Platform APIs for authentication?
Yes, you can, but that approach has some serious disadvantages because it means using the password grant type in OAuth and OpenID, which has been deprecated. With this approach, the user interface runs on one domain, whereas the tenant or segment, where all the backend services run, has a different domain attached to it with a DNS name. This makes the ecosystem very complex because it involves cross-domain cookies. Browsers are very strict with cross-domain cookies, so this approach can lead to the loss of standard out-of-the-box features such as re-authentication and step-up authentication.
Can I offer different authentication methods to a distinct user population?
Yes, you can offer various authentication methods to a user population based on the brand and user constituency.
For example, you can decide that brand A uses a username and password combination with Google as a login mechanism, brand B uses a magic link with Facebook, and brand C uses something else.
Can I use federated login using my existing identity provider?
Yes, the OneWelcome Identity Platform supports login with federation. Federation is supported if it is based on the SAML, OAuth, or OpenID Connect standards.