Authentication

This tutorial helps users learn about the various authentication methods supported by the Unifyia platform.

The Unifyia platform supports both single-factor and multi-factor authentication (MFA), including several passwordless and multi-factor authentication modes. The options available to a user depend on the access policy configured by the organization. Unifyia also supports identity federation by integrating identity providers (IdPs) with the platform using OIDC/SAML protocols. When an IdP is integrated, users can log in to the Unifyia platform with their IdP credentials.

The sign-in page lists the authentication modes the user can log in with, based on the MFA factors allowed. The methods are displayed according to the credential preference set by the organization's administrator. Users can click the Try another way button to switch between the available authentication methods.

Authentication Methods

The Unifyia platform supports the following authentication methods:

  • Certificate Based Authentication using
    • PIV, Derived PIV credentials
    • Trusted PIV Identities
  • Login Using Federated Identities
  • Login using Platform Authenticators - Passkeys (FIDO2)
  • Login using Cross-Platform Authenticators
    • External FIDO2 Security Keys
    • Derived Passkeys (FIDO2)
  • Login using Unifyia ID Wallet Credentials
    • Unifyia ID Wallet with PKI - Consent-based authentication method where a PKI credential stored on a mobile device is used for signing the consent
    • Unifyia ID Wallet with Push Verify - Consent-based authentication method
    • Unifyia ID Wallet with OTP - Authentication method using One-Time Passwords
    • Unifyia ID Wallet with FIDO2 credential

Certificate Based Authentication

The Unifyia platform supports authentication using PIV or Derived PIV certificates issued by the platform itself, as well as externally issued PIV identities that are trusted by the platform. To enable authentication with an externally issued PIV ID, your administrator must add the issuer certificate to the trust store. The login process is similar for both types of credentials.

Required

  • An identity device with PIV, Derived PIV credentials, or an externally issued PIV ID trusted by the Unifyia platform.
  • Card reader if you are using a smart card. For security keys, you can connect them through USB ports.
  • Unifyia User Client

Steps

  1. Launch the platform. Select Sign In.
  2. Connect your PIV identity.
  3. On the Sign-In page, select the option Use Smart Card.
  4. The system will detect your identity and prompt you to select the certificate. Select the certificate.
  5. When prompted, enter the PIN.
  6. On successful verification of the PIN, you are logged into the platform.

Federated Identities

The Unifyia platform supports login through federated identities, allowing organizations to use their existing identities for access. To enable this, external Identity Providers (IdPs) must be integrated into the platform's identity ecosystem. Once integrated, the IdP's logo or name appears on the sign-in page. The platform redirects authentication to the IdP and, once the user is verified, allows access to the portal. The choice of authentication credentials is at the discretion of the IdP. Currently, Unifyia supports Entra ID and Okta for federated identity management.

Required

  • IdP Credentials

Steps

  1. Navigate to the Unifyia platform's sign-in page.
  2. Choose the configured IdP, such as Entra ID.
  3. On the IdP's sign-in page, enter your credentials as required (e.g., certificate or username/password).
  4. On successful authentication, you are logged into the platform.

Platform Authenticators - Passkeys (FIDO2)

The Unifyia platform allows users to authenticate using the platform authenticators that are built into devices such as laptops and desktops. These are inherently part of the device, for example fingerprint sensors, facial recognition systems, or other secure hardware built into the device.

The following are the ways to log in using the platform authenticators:

  • Windows Hello on Windows Devices
  • Password or Touch ID on MacBooks

Authenticate Using Windows Hello

Required:

  • On Windows systems, register Windows Hello for passwordless authentication using biometrics (fingerprint, facial recognition) or a PIN.

Steps

  1. On the Sign In page, enter your email or username.
  2. Select Sign In.
  3. Select Sign In with Passkey.
    1. If you have registered your face as your passkey, the platform will detect your face.
    2. If you have registered your fingerprint as your passkey, it will prompt you to touch the fingerprint sensor.
    3. If you have registered your computer's PIN, it will prompt you to enter the PIN.
  4. On successful verification, you are logged in.

Authentication on MacBook

Required:

  • On MacBooks, set up a password or Touch ID, if the system supports the feature.
  • You have completed the passkeys (FIDO2) registration. FIDO2 functionality is available on MacBooks starting with macOS 14 Sonoma.

Steps

  1. On the Sign In page, enter your email or username.
  2. Select Sign In.
  3. Select Sign In with Passkey.
  4. When prompted, provide your password or Touch ID to verify your identity.
  5. On successful verification, you are logged in.

Cross-Platform Authenticators

The Unifyia platform supports authentication using different form factors of external or derived FIDO2 credentials. These include mobile devices, NFC cards/keys, USB keys, and smart cards. The form factor may vary, but the authentication process remains the same whether the credential is a FIDO2 passkey or a derived FIDO2 credential. The following are the ways to log in using the cross-platform authenticators:

  • FIDO2 credentials saved on mobile devices
  • NFC passkeys
  • USB passkeys
  • Smart cards

Authenticate Using Registered Mobile Devices

Required:

  • Mobile phone with a camera or an app to scan QR codes.
  • Mobile phone registered as a passkey (FIDO2). Ensure that the mobile device and laptop/desktop are connected over the same network.

Steps

  1. On the Sign In page, enter your email or username.
  2. Select Sign In. A QR code is displayed.
  3. Scan the QR code using your phone's camera, if it can scan QR codes natively, or a QR code scanner app.
  4. A notification is sent to your registered mobile device.
  5. Provide the configured screen lock credentials of your mobile device for verification.
  6. You are logged into the platform.

Authenticate Using NFC Passkeys

Required

  • Registered FIDO2 Security Keys
  • NFC card readers

Steps

  1. Connect an external NFC reader to your computer to proceed.
  2. On the Sign In page, enter your email or username.
  3. Select Sign In.
  4. Select Sign In with Passkey.
  5. From the listed options on the security window, choose Security Keys and select OK.
  6. When prompted, tap the NFC passkey on the reader.
  7. Enter the PIN set for the security key to continue.
  8. You are logged into the platform.

Authenticate Using USB Passkeys

Required

  • Registered FIDO2 Security Keys in USB form

Steps

  1. Insert the USB security key into the USB slot of your computer.
  2. On the Sign In page, enter your email or username.
  3. Select Sign In.
  4. Select Sign In with Passkey.
  5. From the listed options on the security window, choose Security Keys and select OK.
  6. Enter the security key PIN.
  7. When prompted, touch the security key.
  8. You are logged into the platform.

Authenticate Using Smart Cards

Required

  • Smart card readers
  • Registered FIDO2 passkeys in smart card form factor
  • On Mac devices, this method works only with the Safari browser.

Steps

  1. Connect a smart card reader to your computer and insert the smart card into it.
  2. On the Sign In page, enter your email or username.
  3. Select Sign In.
  4. Select Sign In with Passkey.
  5. From the listed options on the security window, choose Security Keys and select OK.
  6. Enter the security key PIN.
  7. You are logged into the platform.

Unifyia ID Wallet with PKI

This is a consent-based authentication method where a PKI credential stored on a mobile device is used for signing the consent.

Required

  • ID Wallet app installed on a mobile phone.

Steps

  1. Open the Unifyia Platform.
  2. Enter your username and click SIGN IN.
  3. A notification with a PKI certificate is sent to the Unifyia ID Wallet.
  4. Check the notifications section on the mobile device and tap on the notification.
  5. The Login Request approval screen is displayed.
  6. Tap on the Approve button to authenticate and log in to the portal.

Unifyia ID Wallet with Push Verify

This is a consent-based authentication method.

Required

  • ID Wallet app installed on a mobile phone.

Steps

  1. Open the Unifyia Platform.
  2. Enter your username and click SIGN IN.
  3. A notification is sent to the Unifyia ID Wallet.
  4. Check the notifications section on the mobile device and tap on the notification.
  5. The Login Request approval screen is displayed.
  6. Tap on the Approve button to authenticate and log in to the portal.

Unifyia ID Wallet with OTP

This is an authentication method that uses one-time passwords.

Required

  • ID Wallet app installed on a mobile phone.

Steps

  1. Open the Unifyia Platform.
  2. To authenticate with an OTP, open the ID Wallet app and tap on the OTP.
  3. Enter the displayed OTP on the platform to log in.
  4. You are logged into the platform.

Unifyia ID Wallet with FIDO2 Credential

The FIDO2 credential issued on the ID Wallet app can be used to authenticate to the Unifyia platform in mobile device browsers.

  1. Open the Unifyia Platform on a browser on a mobile device.
  2. On the Sign In page, enter your email or username.
  3. Select Sign In.
  4. Select Sign In with Passkey.
  5. You will be prompted to provide the configured screen lock credentials for verification.
  6. On successful verification, you are logged into the platform.