LeZa
  • Introduction
  • Basic Concepts
    • Authentication
    • Audit & Traceability
    • Controlling Access Functionality
    • FAQ
  • Getting Started
    • Create an account
    • Set up an Organization
    • Create a first application
    • Setting up access control
    • Running the LeZa Proxy
    • Invite users
    • Secure your network
  • API
  • References
Powered by GitBook
On this page
  • LeZa as an Identity Provider
  • External Identity Providers
  • Authentication
  • MFA (Multi-Factor Authentication)
  • Defining Custom Authentication Settings per Organization

Was this helpful?

  1. Basic Concepts

Authentication

LeZa provides an out-the-box implementation for the right authentication to support your projects

PreviousBasic ConceptsNextAudit & Traceability

Last updated 3 years ago

Was this helpful?

LeZa as an Identity Provider

LeZa is in itself an identity provider based on the implementation. It allows you to register users and keep their information safe. Easy access to this information is accessible through our open .

External Identity Providers

LeZa seemlessly manages connections to other Identity Providers for your application and sits between your application and the Identity Provider that authenticates your users.

LeZa provides SSO or Social Sign-in which allows you to connect to Identity Providers like , , and many more with zero fuss.

An external identity provider is a service that creates and maintains identity information and then provides authentication services to your applications. Integrating with external identity providers can significantly reduce sign-in and registration friction, which allows your users to easily access applications without needing to create new passwords or remember usernames.

Authentication

LeZa allows you to control access to your application using both the OAuth 2.0 and OpenID Connect specifications.

(OIDC) is an authentication protocol that is an extension of . While OAuth 2.0 is only a framework for building authorization protocols and is mainly incomplete, OIDC is a full-fledged authentication and authorization protocol. OIDC also makes heavy use of the (JWT) set of standards. These standards define an identity token JSON format and ways to digitally sign and encrypt that data in a compact and web-friendly way.

MFA (Multi-Factor Authentication)

LeZa enables allowing users to configure MFA. Organisation admins are able to set MFA as a requirement for all users in the organisation. The multi-factor authentication methods that are provided are:

  • Using an authentication app like Google Authenticator

  • Using one or more phone numbers

  • Using your email address

  • Something the user knows (eg. Password or Pin)

  • Something the user has (eg. Hardware key or Phone)

  • Something the user is (eg. Fingerprint or Facial Recognition)

Defining Custom Authentication Settings per Organization

  • MFA to be required by users (forced) and which methods to allow

  • The token expiration time period for user registration and password reset

  • Password length and strength requirements

  • Maximum password lifetime

What is Strong Customer Authentication? Strong Customer Authentication () is a new European regulatory requirement to reduce fraud and make online services more secure. SCA requires authentication to use at least two of the following three elements:

have the flexibility to configure their own authentication policy requirements for the following items:

Permissible

OpenID Connect protocol
API
Google
Facebook
Azure
OpenID Connect
OAuth 2.0
Json Web Token
strong customer authentication
SCA
SSO Identity Providers
Organization admins