IDAAS core
Getting started with the OneWelcome Identity Platform
Manage administrators
Authentication
- FIDO authentication
  - Web integration
    - Web integration
    - User enrollment
    - User authentication
  - Administrative management
    - Admin APIs
    - Authenticator management
    - User management
    - Policy management
  - Authenticator policy
    - Thales FIDO authenticator policy
    - Authenticator policy samples
  - Extensions
    - Thales extensions for FIDO
    - Thales friendly name extension
    - Thales transaction signature extension
    - Thales challenge token extension
- Authentication FAQ
- Password migration
Events
- Public event payload taxonomy
- Export events
Assurance levels
IDAAS core - Access
- Securing resources
- Client authentication methods
- Client application configuration
  - Scope configuration
  - Identity providers
  - Resource gateway configuration
  - Scopes API
  - Scope Verification Service
  - Identity provider API
  - Protected data in single-page apps
- OAuth 2.0 and OpenID Connect
  - OpenID Connect
  - OpenID Connect authentication
  - OpenID Connect scopes and claims
  - User claims and attributes
  - OpenID provider configuration
  - ID token encryption
  - Web clients
    - Resource owner password credentials
    - Uniquely identify guests
    - Migration of web clients with hashed secrets
    - Web clients API
  - Tokens
    - Access tokens
    - ID tokens
    - Refresh tokens
    - Access token API
    - Token introspection API
  - iFrame session monitoring
    - Relying party iFrame
    - End session API
    - Session management APIs
  - OAuth endpoints
  - OAuth configuration
  - Discovery API
  - JSON Web Key Set API
  - User information API
  - OAuth consent API
  - OAuth Token Exchange
- SAML Applications
- Custom authenticators
- General system properties
  - Configure system features
  - Session configuration
  - CORS support
  - Extension engine properties
  - SAML service provider configuration
  - API clients API
  - Responsible disclosure policy
- Access events
  - Audit events
  - Audit log
  - Events API
  - Security events
- Web hooks
  - Web hooks configuration API
- User session API
IDAAS core - Tulip
- Tenants and brands
- Identity store and data model
  - SCIM API
  - SCIM schemas
  - SCIM user management
  - SCIM user attributes
  - SCIM API versions
- Credential store
  - Email address management
  - Password management
  - Password policies
- OAuth 2.0 and OpenID Connect
  - OAuth 2.0 and OpenID Connect setup
  - Device flow
  - OAuth client authentication methods
  - Proof Key for Code Exchange
  - Step-up authentication
  - OAuth 2.0 and OpenID Connect API
  - Dynamic client registration API
  - OAuth OIDC error handling
- Account lockout
- Session management
- Event store
- API rules
- Reports
- Email overview
- Core administration experience
  - Audit logs
- Locales and languages
Customize the user interface

Thales friendly name extension

The Thales friendly name FIDO2 extension allows users or applications to associate a user-friendly name with a credential.

The friendly name can help users to distinguish their different credentials for a given application, even if they are all associated with a single account. For example, a user might have:

A mobile device-bound credential
A security key
A computer-created credential synchronized by their platform provider The user can name each of these credentials with, for example, the device brand and model. In a self-service portal, the relying-party can list the credentials by their names, and can offer users the ability to rename or delete them.

Setting the credential's friendly name

The friendly name can be set when the credential is created. The application can either set the value based on the knowledge it has of the authenticator (such as iPhone 14), or ask the user to provide a meaningful name.

Using web APIs

The application can indicate in the attestation option request that it intends to set the friendly name for this credential, by adding the thalesgroup_ext_v1 to true in the request body:

{
  ...
  "extensions": {
    "thalesgroup_ext_v1": true
  },
  ...
}

Upon successful credential creation by the client-side authenticator, the application can set the chosen friendly name in the attestation result request body:

{
  ...
  "clientExtensionResults": {
    "thalesgroup_ext_v1": {
      "authenticatorDescription": {
        "friendlyName": "My PC passkey"
      }
    }
  },
  ...
}

Updating the friendly name

It is possible to modify the friendly name of a specific credential using the update authenticator credential admin operation, setting the friendlyName field of the request body.

Displaying friendly names

The main purpose of the friendly name is for credential management. The list authenticator credentials admin operation therefore returns the friendly names or each user's credentials in the friendlyName field of its response body.

Suggest A Change

Thales friendly name extension

Setting the credential's friendly name

Using web APIs

Updating the friendly name

Displaying friendly names

On this page