IAM Integrations Overview
- tru.ID’s possession factor verification is agnostic to where it is used in a login flow. It could be the only factor (passwordless implementation), the first factor, or one of the subsequent factors in a login flow.
- The IAM platform can invoke a tru.ID verification through the IAM connector (available from the marketplace).
- You can either build your own OIDC implementation or use the tru.ID OIDC Bridge, which is a component made available by tru.ID for our customers. If you choose the tru.ID OIDC Bridge, it is ready to work with your IAM connector out of the box.
- Once configured with your tru.ID platform credentials, the OIDC bridge will receive requests from the connector to initiate verification and trigger a check on a factor via the tru.ID platform.
- The tru.ID platform verifies the presence of an active SIM corresponding to the user’s expected phone number within a cellular data session to provide assured proof that the user is in possession of the expected digital identity (phone number).
tru.ID can natively integrate directly with many IAM providers for either:
- adding an extra factor to their existing Sign In flows
- adding a passwordless option to the existing Sign In flows
These require that any IAM Users who use the factor must have a phone number associated with their profile.
tru.ID provides an OIDC bridge component, which provides a set of defaults for verifying IAM Users. The role of this bridge is to trigger verifications for a particular factor when instructed to.
The bridge intercepts the IAM Sign In flow (by using tru.ID OpenID Connect Service) and decides what is the best factor to verify the authenticating User. The defaults are:
- Use PhoneCheck to verify the IAM user phone number
- Use a push notification to verify the IAM user — applicable only if they have installed and onboarded the tru.ID Authenticator app which can be found on the Android Playstore and Apple App Store.
- Use TOTP to verify the IAM user — applicable if they have onboarded a mobile authenticator, which could either be tru.ID Authenticator app or any other 3rd party authenticator.
The verification will fail if the bridge cannot extract a phone number from the IAM User.