Skip to main content

Authentication overview

Use this page to understand prerequisites, the three-call Authentication API lifecycle, and the supported authenticators before you start integrating. For complete operation details, see the Authentication API reference.

This document describes how to control access to your application using Entrust Identity as a Service Authentication API calls.

Prerequisites

Confirm the following before configuring your application to use the API calls included in this guide:

  1. An Authentication API application has been created within Identity as a Service.
  2. A resource rule has been created for your Authentication API application.
  3. Each user who will access the application has an Identity as a Service account.
  4. Each user who will access the Identity as a Service application has had all their authenticators assigned to them and activated.

Authentication API flow

Identity as a Service uses three API calls to complete an authentication challenge:

  1. Get User's Authenticators
  2. Select Authenticator
  3. Complete Authentication Challenge

These API calls must be made sequentially to complete Identity as a Service authentication. Information is provided in response to each API call that is required to complete the next call. Completing each of these API calls in order allows users to log in to the application.

Supported authenticators

The following authenticators are supported for authentication using Identity as a Service API calls:

  • Passwords
  • Knowledge-based authentication (KBA)
  • Temporary Access Codes
  • One-time passcodes (OTP)
    • OTPs can also be dynamically linked with transaction details when used with Authentication API applications for PSD2 (Payment Service Directive).
  • Grid cards
  • Hardware and software tokens
    • Tokens supporting signatures can also be dynamically linked with transaction detail values when used with Authentication API applications for PSD2.
  • Entrust Soft Token Push authentication
  • Mobile Smart Credential Push authentication
  • Passkey/FIDO2

The following guides describe how to authenticate through API calls using some of the authenticators listed above. These examples involve single-factor authentication. See One-factor authentication and Two-factor authentication for flow walkthroughs.