Authentication

LeZa provides an out-of-the-box authentication implementation to support your projects.

LeZa as an Identity Provider

LeZa is itself an identity provider built on an implementation of the OpenID Connect protocol. It lets you register users and keep their information safe, and that information is readily accessible through our open API.

External Identity Providers

LeZa seamlessly manages connections to other identity providers for your application, sitting between your application and the identity provider that authenticates your users.

LeZa provides SSO and social sign-in, which let you connect to identity providers such as Google, Facebook, Azure and many more with zero fuss.

An external identity provider is a service that creates and maintains identity information and then provides authentication services to your applications. Integrating with external identity providers can significantly reduce sign-in and registration friction, which allows your users to easily access applications without needing to create new passwords or remember usernames.

Authentication

LeZa allows you to control access to your application using both the OAuth 2.0 and OpenID Connect specifications.

OpenID Connect (OIDC) is an authentication protocol built as an extension of OAuth 2.0. OAuth 2.0 on its own is only a framework for building authorization protocols and is incomplete as a protocol; OIDC completes it into a full-fledged authentication and authorization protocol. OIDC also makes heavy use of the JSON Web Token (JWT) family of standards, which define a JSON format for the identity token and ways to digitally sign and encrypt that data in a compact, web-friendly form.
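As an added illustration (not LeZa's code), the following shows what a relying party must check before trusting an OIDC ID token: the signature, the pinned algorithm, the issuer, the audience, the expiry and the nonce. It uses HS256 with a client secret so it runs with the standard library alone; the issuer URL, client_id and secret are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json

# Constructed values: a hypothetical issuer, client_id and client secret shared between IdP and app.
ISSUER = "https://idp.example.com"
CLIENT_ID = "my-app"
CLIENT_SECRET = b"example-client-secret-not-for-production"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> bytes:
    return hmac.new(CLIENT_SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_id_token(sub: str, nonce: str, now: int, ttl: int = 300) -> str:
    """IdP side: build an HS256-signed ID token (JWS compact form) with the required OIDC claims."""
    header = json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode()
    claims = json.dumps({"iss": ISSUER, "sub": sub, "aud": CLIENT_ID, "iat": now,
                         "exp": now + ttl, "nonce": nonce}, separators=(",", ":")).encode()
    signing_input = f"{_b64url(header)}.{_b64url(claims)}"
    return f"{signing_input}.{_b64url(_sign(signing_input))}"

def validate_id_token(token: str, expected_nonce: str, now: int) -> dict:
    """Relying-party side: the checks OIDC Core requires before trusting the token. Raises ValueError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h64, c64, s64 = parts
    header = json.loads(_b64url_decode(h64))
    if header.get("alg") != "HS256":  # pin the algorithm; never trust alg from the token (e.g. "none")
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(_sign(f"{h64}.{c64}"), _b64url_decode(s64)):  # constant-time compare
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(c64))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token not intended for this client")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch, possible replay")
    return claims
```

With an asymmetric algorithm such as RS256 the signature step would instead verify against the issuer's published JWKS key, but the claim checks are the same.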

MFA (Multi-Factor Authentication)

LeZa enables strong customer authentication by allowing users to configure MFA. Organisation admins can make MFA a requirement for all users in the organisation. The supported multi-factor authentication methods are:

  • Using an authentication app like Google Authenticator

  • Using one or more phone numbers

  • Using your email address

What is Strong Customer Authentication?

Strong Customer Authentication (SCA) is a new European regulatory requirement intended to reduce fraud and make online services more secure. SCA requires authentication to use at least two of the following three elements:

  • Something the user knows (e.g. a password or PIN)

  • Something the user has (e.g. a hardware key or phone)

  • Something the user is (e.g. a fingerprint or facial recognition)

Defining Custom Authentication Settings per Organization

Organization admins have the flexibility to configure their own authentication policy requirements for the following items:

  • Whether MFA is required (forced) for users, and which methods are allowed

  • The token expiration time period for user registration and password reset

  • Password length and strength requirements

  • Maximum password lifetime
