Skip to main content
Ctrl+K
Logo image

Site Navigation

  • Specification
  • Update
  • Administration
  • Integration
  • Modules
  • Download PDF
  • Online-demo
  • Русский
  • Distribution packages
  • identityblitz.com

Site Navigation

  • Specification
  • Update
  • Administration
  • Integration
  • Modules
  • Download PDF
  • Online-demo
  • Русский
  • Distribution packages
  • identityblitz.com

In this document

Deployment

  • Deployment architecture
  • System requirements
  • General installation instructions
  • Express instructions for various operating systems
    • Limitations when using instructions
    • Rocky Linux, AlmaLinux, Oracle Linux, RHEL
  • The first steps after installation
    • Configure launch options for Blitz Identity Provider services
    • Logging in to Admin console
    • License key installation
    • Administrator account management
    • Restarting Blitz Identity Provider services
    • Deleting files used for installation

Basic configuration

  • User account attributes
    • What is an account attribute?
    • Configuring the available attributes
    • Connecting attribute storages
  • Authentication
    • How to work with authentication settings
    • General settings
    • Password policies
    • Security key management
    • Logging in using login and password
    • Logging in with electronic signature tool
    • Logging in via external identification services
    • Logging in with proxy authentication
    • Logging in using operating system session
    • Logging in with email
    • Logging in with confirmation codes
    • Logging in from known device
    • Logging in by one-time link
    • Logging in by QR code
    • Automatic user identification by session properties
    • Log-in confirmation with a HMAC-based one-time password (HOTP)
    • Time-based one-time password log-in confirmation (TOTP)
    • Binding devices to user accounts
    • Confirmation codes sent in SMS and push notifications
    • Confirmation codes sent by email
    • Log-in confirmation via Duo Mobile
    • Re-confirmation when logging in from known device
    • Confirmation by answering security question
    • Confirmation by incoming call
    • Configuring an external authentication method
    • Customizing the Impersonalization Procedure
  • External identity providers
    • How to set up login via external identity providers
    • International providers
    • Login via another Blitz Identity Provider setup
    • Account linking settings
  • Customizing user services
    • General settings
    • User registration
    • User profile
    • Access recovery
  • User administration
    • User account management
    • User search
    • Adding a user
    • View and edit user attributes
    • Managing user groups
    • Access rights management
  • Notifications and sending messages

Access to applications and network services

  • Registering applications in Blitz Identity Provider
  • Operation schemes of SSO technologies
    • Connecting a web app via OIDC
    • Connecting a mobile app via OIDC
    • Connecting an app via SAML
  • Configuring SAML and WS-Federation
  • OAuth 2.0 and OpenID Connect 1.0
  • Simple
  • Interaction via the REST API
  • Access to network services via RADIUS

Customization with Java code

  • Login procedures and their creation
  • Ready-made login procedures
    • Forced two-factor authentication
    • Limiting the list of available first factor methods
    • Log in only with a certain attribute value
    • Prohibiting login after account expiration
    • Log in only from certain networks
    • Prohibition of work in several simultaneous sessions
    • Saving a list of user groups in claims
    • Displaying an announcement to the user at login
    • Request for user to enter attribute or actualize phone and email
    • Requesting the user to enter a security question
    • Registration of security key (WebAuthn, Passkey, FIDO2) at login
    • Display a list of value selections to the user at login
  • Functions and methods of various purposes in login procedures
    • Obtaining the user’s geodata
    • User session reset
    • Invoking custom errors in script
    • Analyzing application tags
  • Customization of the logic of operations with data storages
  • Procedures for binding external user accounts
    • User registration in external identity provider
    • Discovering external account name

UI design and texts

  • Login page
  • User profile
  • Multilanguage support
  • Interface text settings
  • Logos for external provider log-in buttons

Configuration file settings

  • Configuration file list
  • Settings in blitz.conf file
    • Logins and passwords
    • Attributes
    • CAPTCHA
    • Queue server
    • Stores and databases
    • Blitz Identity Provider domain
    • Users
    • WebAuthn, Passkey, FIDO2, U2F provider certificates
    • OIDC, SAML, and external identity providers
    • Logging incomplete login attempts
    • Transferring security events to file or Kafka
    • Storing application settings in separate files
    • SSO session duration
  • Admin console settings
  • Configuring Token Exchange

Security, maintenance, and troubleshooting

  • Viewing security events
  • Application performance monitoring
  • Problem solving
  • Security gateway
  • Administration
  • Authentication
  • Logging in by one-time link

Logging in by one-time link#

One-time link login is used to provide automatic login after a user has self-registered an account, recovered a forgotten password, or when using a special login mode when opening a web browser from a mobile application to which the user has previously logged in.

Note

Learn more about the last use case.

Method customization includes specifying the validity time of the link used for automatic login. For automatic login to work, no more than the time specified in the setting must have elapsed from the time the link is generated (after successful completion of registration or password recovery or receipt of the css parameter by the mobile application) until the user login is initiated, and that the link has not been used before.

previous

Logging in from known device

next

Logging in by QR code

Identity Blitz © 2024

Last updated on Nov 15, 2024.