Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Thales Authenticator Lifecycle Manager

Architecture

search

Architecture

The Thales Authenticator Lifecycle Manager architecture is a cloud-native, scalable solution that integrates with the identity providers (IDPs) to securely manage FIDO authenticators throughout their lifecycle.

This section describes the core components, their roles, and how they interact to support enrollment, policy enforcement, and device management.

Note

The following architecture diagram is for illustration purposes only. Actual architecture may vary based on your deployment model (single-tenant or multi-tenant), network topology, and hosting environment.

TALM

Architecture Components

The Thales Authenticator Lifecycle Manager architecture includes the following components:

Component Description
Thales Authenticator Lifecycle Service

A service installed on an administrator’s workstation. It performs the following functions:

  • Enrolls FIDO authenticators and manages their lifecycle operations.
  • Establishes secure communication with Thales Authenticator Lifecycle Manager backend services through the API Gateway.
  • Displays operational alerts and messages on the Thales Authenticator Lifecycle Manager console.
Thales Authenticator Lifecycle Manager Console

A browser-based user interface to:

  • Configure policies for authentication and device management.
  • Enroll and manage devices throughout their lifecycle.
  • Associate users with configured devices.
  • Set up identity providers (IDPs) for device enrollment.
  • Perform administrative operations and reporting for monitoring and compliance.
API Gateway A secure entry point for all client and console traffic. It performs the following functions:

  • Authenticates and routes requests to Thales Authenticator Lifecycle Manager backend services.
  • Enforces rate limiting to prevent overload and ensure fair usage.
  • Validates incoming requests for security and compliance.
  • Centralizes observability for monitoring and troubleshooting.
Identity Provider (IDP) Issues tokens to authenticate administrators and services accessing Thales Authenticator Lifecycle Manager.
An identity provider can be either Microsoft Entra ID or STA Identity Provider, depending on the deployment.
Thales Authenticator Lifecycle Manager Backend A collection of services responsible for authenticator lifecycle orchestration, policy validation, metadata storage, audit logging, and administrative APIs. It maintains state for devices, policies, and related entities.

On this page