Skip to main content

Authentication chain scenario components

Bravura Security Fabric has several authentication chains and selector modules available for installation through the Component Framework. The following scenario components are installed with the Default repository:

hid_authchain_2factor:

  • Selector for basic second-factor authentication.

  • Allows for users to store company and personal email addresses and cell phone numbers (text and mobile app), to be used along with password or security questions.

  • If the browser is recognized, it will be used as the second factor.

  • Imports the scenarios for the authentication methods.

  • Dependencies:

    • Functional.hid_authchain_2factor

    • Scenario.hid_authchain_select

    • Scenario.hid_authchain_pii

    • Scenario.hid_authchain_personal_emailpin

    • Scenario.hid_authchain_smspin_email

    • Functional.hid_authchain_select

hid_authchain_emailpin:

  • Authenticate using an email PIN by sending a PIN to company email.

  • Dependencies:

    • Functional.hid_authchain_emailpin

    • Functional.hid_global_configuration (adds the EMAIL-ATTRIBUTE, MAXLIFE, LENGTH, and TRIES settings to the AUTHCHAIN_EMAILPIN_CONFIG namespace in the associated table)

hid_authchain_forgot_password:

  • Provides a 'forgot my password' authchain by sending a ”link to password change” email.

  • Dependencies:

    • Scenario.hid_authchain_select

    • Functional.hid_authchain_forgot_password

    • Functional.hid_authchain_select

    • Functional.hid_global_configuration (adds the MAXLIFE and EMAIL_ATTR settings to the FORGOT_PASSWORD namespace in the associated table)

hid_authchain_localauth:

Note

This component is meant for demonstration or development environments only; not for testing or production systems.

  • Allow users to skip authentication when instance is accessed from localhost; if the connection is from ::1 or 127.0.0.1, allow access without authentication.

  • Dependencies:

    • Functional.hid_authchain_localauth

    • Scenario.hid_authchain_select

    • Functional.hid_authchain_select

hid_authchain_oneauth:

  • Provides a Bravura OneAuth authentication scenario.

  • Dependencies:

    • Data.hid_target_hypr

    • Data.hid_authchain_oneauth

    • Functional.hid_authchain_select

hid_authchain_oneauth_2factor:

  • Provides a Bravura OneAuth two-factor authentication scenario.

  • Dependencies:

    • Scenario.hid_authchain_oneauth

    • Scenario.hid_authchain_select

    • Data.hid_authchain_oneauth_2factor

    • Functional.hid_authchain_fingerprint

    • Functional.hid_authchain_select

hid_authchain_personal_emailpin:

  • Send PIN to personal email previously registered by the user.

  • Dependencies:

    • Data.hid_attribute_personal_email

    • Functional.hid_authchain_personal_emailpin

    • Functional.hid_global_configuration (adds the EMAIL-ATTRIBUTE, MAXLIFE, and LENGTH settings to the AUTHCHAIN_PERSONAL_EMAILPIN_CONFIG namespace in the associated table)

hid_authchain_pii:

  • Use Personally Identifiable Information (PII) to authenticate a user.

  • These are Q&A from HR, almost always used only for a first login scenario (as using PII is susceptible to social engineering, and can be legally dangerous with users eligible for GPDR).

  • Dependencies:

    • Data.hid_attribute_dob

    • Data.hid_attribute_dl

    • Data.hid_attribute_mmn

    • Data.hid_attribute_ssn

    • Functional.hid_authchain_pii

    • Functional.hid_user_interface

    • Functional.hid_global_configuration (adds the DOB, DL, MMN, SSN, and PII_REQUIRED settings to the AUTHCHAIN_PII_ATTRS and AUTHCHAIN_PII_CONFIG namespaces, respectively, in the associated table)

hid_authchain_recaptcha:

  • Adds an authentication chain and required code for ReCAPTCHA2 (usually for external access) to frustrate robots attempting invalid access attempts.

  • Dependencies:

    • Functional.hid_authchain_recaptcha

    • Functional.hid_global_configuration

    • Functional.hid_dbe_update_trigger

hid_authchain_recaptcha_invisible:

  • Adds required configuration for invisible ReCAPTCHA2 (usually for external access) to frustrate robots attempting invalid access attempts.

    This ReCAPTCHA implementation uses the User Identification chain. Improper configuration may prevent any user from logging in.

  • Dependencies:

    • Functional.hid_authchain_recaptcha_invisible

    • Functional.hid_global_configuration

    • Functional.hid_dbe_update_trigger

hid_authchain_recaptcha_v3:

  • Adds an authentication chain and required code for ReCAPTCHA3.

  • Dependencies:

    • Functional.hid_authchain_recaptcha_v3

    • Functional.hid_global_configuration

    • Functional.hid_dbe_update_trigger

hid_authchain_saml_sp:

  • Authentication scenario to allow Bravura Security Fabric to be used as an SAML service provider.

  • Dependencies:

    • Scenario.hid_authchain_select

    • Data.hid_authchain_saml_sp

    • Data.hid_userclass_saml_users

    • Functional.hid_authchain_select

hid_authchain_select:

  • Default authentication scenario for console-only and regular users.

  • Dependencies:

    • Functional.hid_authchain_select

hid_authchain_smspin_celltrust:

  • SMS PIN authentication scenario that uses Celltrust as a SMS service provider; uses CellTrust account to send SMS texts to registered cell phones.

  • Dependencies:

    • Data.hid_attribute_mobile

    • Functional.hid_authchain_smspin

    • Functional.hid_sms_celltrust

    • Functional.hid_global_configuration

  • Conflicts:

    • Scenario.hid_authchain_smspin_email

    • Scenario.hid_authchain_smspin_twilio

hid_authchain_smspin_email:

  • Use mobile providers’ email-to-text gateways to send SMS texts to registered cell phones.

  • Major US and Canadian providers are automatically onboarded; other providers must be added before users register the phone to be available.

  • Dependencies:

    • Data.hid_attribute_mobile

    • Data.hid_attribute_mobile_provider

    • Functional.hid_authchain_smspin

    • Functional.hid_sms_email

    • Functional.hid_global_configuration

  • Conflicts:

    • Scenario.hid_authchain_smspin_twilio

    • Scenario.hid_authchain_smspin_celltrust

hid_authchain_smspin_twilio:

  • Use Twilio account to send SMS texts to registered cell phones.

  • Dependencies:

    • Data.hid_attribute_mobile

    • Functional.hid_authchain_smspin

    • Functional.hid_sms_twilio

    • Functional.hid_global_configuration

  • Conflicts:

    • Scenario.hid_authchain_smspin_email

    • Scenario.hid_authchain_smspin_celltrust

hid_saml_idp:

  • This component enables Bravura Security Fabric to act as a federated Identity Provider (IdP) using the Security Assertions Markup Language (SAML v2.0) protocol.

  • This allows other applications, either on-premise or hosted in a Software-as-a-Service (SaaS) manner, to hand off their user login processes to Bravura Security Fabric .

  • Dependencies:

    • Scenario.hid_authchain_select

    • Functional.hid_configuration

    • Functional.hid_extdb

    • Functional.hid_policy_saml_sso

    • Data.hid_authchain_saml

    • Functional.hid_saml_authentication

    • Functional.hid_authchain_reguser

    • Functional.hid_authchain_select

In this section: