Login by one-time link

One-time link login provides automatic login after a user has self-registered an account or recovered a forgotten password, and in the special login mode used when a web browser is opened from a mobile application into which the user has previously logged in.

Note

This scenario is described in detail in the “Integration Guide” chapter “Opening web resources from the mobile application in end-to-end authentication mode”.

Configuring the method consists of specifying the validity time of the link used for automatic login. For automatic login to work, two conditions must hold: no more than the time specified in the setting has elapsed between the moment the link is generated (after successful completion of registration or password recovery, or receipt of the css parameter by the mobile application) and the moment the user login is initiated, and the link has not been used before.

[Figure: Setting the link validity time]
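
The two conditions described above (the link is redeemed within the validity time, and it has not been used before) can be enforced as in the following added example. It is not Blitz Identity Provider code; the class `OneTimeLinkStore`, its methods and the 300-second validity time are assumptions made for illustration.

```python
import hashlib
import secrets
import threading
import time


class OneTimeLinkStore:
    """Illustrative in-memory issuer/verifier for one-time login links."""

    def __init__(self, validity_seconds, clock=time.monotonic):
        self.validity_seconds = validity_seconds
        self._clock = clock
        self._lock = threading.Lock()
        self._pending = {}  # sha256(token) -> (subject, issued_at)

    @staticmethod
    def _digest(token):
        # Only a hash is stored, so a dump of the store does not yield usable links.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, subject):
        token = secrets.token_urlsafe(32)  # unguessable value carried in the link
        with self._lock:
            self._pending[self._digest(token)] = (subject, self._clock())
        return token

    def redeem(self, token):
        """Return the subject if the link is fresh and unused, otherwise None."""
        with self._lock:
            # pop() is the single-use check: a second redeem finds nothing.
            entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None  # unknown link or already used
        subject, issued_at = entry
        if self._clock() - issued_at > self.validity_seconds:
            return None  # more than the validity time has elapsed
        return subject


def demo():
    # Constructed scenario with a fake clock so the result is deterministic.
    now = [1000.0]
    store = OneTimeLinkStore(validity_seconds=300, clock=lambda: now[0])
    fresh = store.issue("alice")
    now[0] += 120
    first = store.redeem(fresh)    # inside the window, unused
    replay = store.redeem(fresh)   # same link presented again
    late = store.issue("bob")
    now[0] += 301
    expired = store.redeem(late)   # validity time exceeded
    return first, replay, expired
```

An expired link is removed on its first redemption attempt as well, so it cannot be retried later.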

Identity Blitz © 2024

Last updated on Apr 23, 2024.