Login procedures and their creation#

About the login procedures#

Java authentication flows are used to configure the rules for user access to different applications. The authentication flows can be used to determine, for example, which applications should be available to which users, under what conditions two-factor authentication should be required, and which login validation methods a user can use. The use of authentication flows allows an organization to enforce its application access control policies.

Authentication flows are managed in the section Login procedures of the Blitz Identity Provider admin console.

../_images/auth_flows_en.jpg

Creating a procedure#

Creation of an authentication flow has following steps:

  1. Specifying the basic parameters of the flow:

    • flow ID;

    • flow description;

    • applications - a list of applications that will use the authentication flow.

Important

Only one flow can be created for each application. If no flow is created for a given application, the standard entry procedure (default authentication flow) will be applied to that application. If a flow is created without specifying applications, it will replace the standard authentication flow.

../_images/image045_en.png
  1. Writing the source code of the procedure. For successful operation of the authentication flow it is necessary to write a Java class that implements the necessary Strategy interface. All context information about the user, the current state of the authentication flow, etc. is available in the Context object. The flow consists of two blocks that define:

    • actions taken at the initial stage of the authentication process. In this block, for example, it is possible to define under what conditions to switch to the application in SSO mode (if the user has been previously authenticated);

    • actions taken after the initial authentication of the user. In this block, for example, you can define which two-factor authentication methods to use under which conditions.

  2. After writing the code, you should press the “Compile” button. If errors are detected, incorrect code fragments will be highlighted and signed with errors.

  3. If the compilation was successful you can save the flow.

  4. The saved procedure can be activated by clicking on the “Activate” button in the header of the corresponding procedure.

  5. Both activated and deactivated procedures can be edited. After editing, compile the procedure and then save it. If it has been activated, the new compiled flow will replace the old one.

Warning

If the procedure has been activated, only the compiled one can be saved. In other words, if an error while editing an activated flow has been detected, the “Save” button will not work and after reloading the page all changes will be lost.

../_images/image054_en.png