Authentication

Authentication (Authn) is the process of verifying the identity of users, devices, applications, or other entities, providing a level of assurance that they are who they claim to be. Our system provides four levels of authentication assurance:

LoA 1 (Low Assurance)

At AAL1, authentication is typically performed using a single-factor authentication method, such as a password or a one-time passcode (OTP) sent via SMS or email. This level of assurance is suitable for environments with lower security requirements.

  • Authentication Methods for AAL1:

    • Password

    • SMS OTP

    • Email OTP

    • TEL (Phone call verification)

LoA 2 (Moderate Assurance)

AAL2 requires multi-factor authentication (MFA), combining at least two independent factors to verify the identity of the user. This may include combinations of passwords, TOTP (Time-based One-Time Password), or Passkeys with methods like SMS OTP, Email OTP, or TEL. This level of assurance is appropriate for systems that require moderate security.

  • Authentication Methods for AAL2:

    • Password + SMS OTP

    • Password + Email OTP

    • Password + TOTP

    • Passkeys + SMS OTP

    • Passkeys + Email OTP

    • TEL + Password

LoA 3 (High Assurance)

AAL3 involves strong multi-factor authentication to ensure high security, typically using biometrics or physical tokens like smartcards combined with TOTP, Passkeys, or SMS/Email OTP. This level is required for high-risk environments where robust identity verification is essential.

  • Authentication Methods for AAL3:

    • Password + Passkeys + TOTP

    • Passkeys + TOTP + SMS OTP

    • Passkeys + TOTP + Email OTP

    • Passkeys + SMS OTP + TEL

    • Passkeys + Email OTP + TEL

LoA 4 (Very High Assurance)

AAL4 represents the highest level of assurance, involving multiple independent factors, including biometrics, smartcards, Passkeys, TOTP, SMS OTP, Email OTP, and TEL. This level is designed for environments that require maximum security, ensuring a very high level of trust in the user or entity's identity.

  • Authentication Methods for AAL4:

    • Passkeys + TOTP + SMS OTP + TEL

    • Passkeys + TOTP + Email OTP + TEL

    • Passkeys + TOTP + Biometric Authentication

Authentication Factors

Our system categorizes authentication factors into three classes:

  • Something you know: Knowledge-based methods (e.g., passwords, PINs).

  • Something you have: Possession-based methods (e.g., email, phone number, SMS, voice, app one-time password generators).

  • Something you are: Inherence-based methods (e.g., fingerprint, voice recognition, facial recognition, iris scan).
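
An added example, not part of the original page or the system's own code: a Python evaluator that maps a session's completed methods to the highest level whose listed combination it contains, reports the factor classes covered, and computes the smallest step-up to a target level. The method identifiers and function names are hypothetical, and placing passkeys under "something you have" is an assumption, since the page does not classify them.

```python
# Added example. Method identifiers and function names are hypothetical.
# Combinations are copied from the per-level lists on this page.
LEVELS = {
    1: [{"password"}, {"sms_otp"}, {"email_otp"}, {"tel"}],
    2: [{"password", "sms_otp"}, {"password", "email_otp"},
        {"password", "totp"}, {"passkey", "sms_otp"},
        {"passkey", "email_otp"}, {"tel", "password"}],
    3: [{"password", "passkey", "totp"}, {"passkey", "totp", "sms_otp"},
        {"passkey", "totp", "email_otp"}, {"passkey", "sms_otp", "tel"},
        {"passkey", "email_otp", "tel"}],
    4: [{"passkey", "totp", "sms_otp", "tel"},
        {"passkey", "totp", "email_otp", "tel"},
        {"passkey", "totp", "biometric"}],
}

# Factor classes from the "Authentication Factors" list.
FACTOR_CLASS = {
    "password": "know",
    "sms_otp": "have", "email_otp": "have", "tel": "have", "totp": "have",
    "passkey": "have",  # assumption: the page does not classify passkeys
    "biometric": "are",
}

def _checked(completed):
    """Reject method names that are not in the mapping above."""
    done = set(completed)
    unknown = done - set(FACTOR_CLASS)
    if unknown:
        raise ValueError(f"unknown methods: {sorted(unknown)}")
    return done

def assurance_level(completed):
    """Highest level with a listed combination fully contained in `completed`."""
    done = _checked(completed)
    return max((lvl for lvl, combos in LEVELS.items()
                if any(c <= done for c in combos)), default=0)

def factor_classes(completed):
    """Distinct factor classes covered; two methods may share one class."""
    return {FACTOR_CLASS[m] for m in _checked(completed)}

def missing_for(completed, target):
    """Smallest set of extra methods reaching `target` (None if no such level)."""
    done = _checked(completed)
    options = [sorted(c - done) for lvl, combos in LEVELS.items()
               if lvl >= target for c in combos]
    return min(options, key=lambda m: (len(m), m), default=None)

if __name__ == "__main__":
    session = {"passkey", "sms_otp"}  # constructed sample session
    print(assurance_level(session), factor_classes(session), missing_for(session, 3))
```

Combinations that appear on none of the page's lists, such as TOTP alone, evaluate to level 0.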
