Managing Policies
A policy defines the method and rules for registration and authentication, which are used to verify the identity of a person. This page covers the configuration options available in the Backoffice and the TrustX API.
Creating a Policy
To create a new policy from the Backoffice application,
- Navigate to Identity Store > Policies.

- From the Policies landing page, select an Identity Store from the dropdown list. This will be the Identity Store that the policy will apply to.

- When an Identity Store is selected, new options will become available.
  - Appkey Management - Enables the creation, deletion and editing of Appkey policies.
  - Passkey Management - Enables the creation, deletion and editing of Passkey policies.

Note: Appkeys are not fully supported. Full support is planned for a future release.

Passkey Configuration
This section will describe the steps required for configuring a new Passkey policy using the Backoffice application.

Each Passkey policy must include the following information:
- Configuration Name - The name of the Passkey policy.
- Relying Party ID - The relying party ID.
Restricted Origins
The Restricted Origins section defines a list of acceptable origins. If supplied, passkey authentications will be restricted to the URLs defined in this section. If not supplied, passkey authentications are restricted to the relying party ID domain.
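
The origin rule described above, sketched as a server-side check. This is an added example, not TrustX code: the field names `relyingPartyId` and `restrictedOrigins` are hypothetical, and the fallback (host equal to the RP ID or a subdomain of it, over HTTPS) is an assumption based on WebAuthn RP ID scoping, not documented TrustX behaviour.

```javascript
// Added example; the policy field names are hypothetical, not TrustX API names.
function normalizeOrigin(value) {
  try {
    const origin = new URL(value).origin; // scheme://host[:port], host lowercased
    return origin === "null" ? null : origin;
  } catch {
    return null; // not a parseable URL
  }
}

// Read the origin the browser recorded in the WebAuthn clientDataJSON (base64url).
function originFromClientData(clientDataB64url) {
  const json = Buffer.from(clientDataB64url, "base64url").toString("utf8");
  return JSON.parse(json).origin;
}

function isOriginAllowed(origin, policy) {
  const candidate = normalizeOrigin(origin);
  if (candidate === null) return false;

  const restricted = (policy.restrictedOrigins || []).map(normalizeOrigin).filter(Boolean);
  if (restricted.length > 0) {
    // Restricted Origins supplied: only an exact scheme + host + port match passes.
    return restricted.includes(candidate);
  }

  // Not supplied: fall back to the relying party ID domain.
  // Assumption: host equals the RP ID or is a subdomain of it, and the scheme is HTTPS.
  const { protocol, hostname } = new URL(candidate);
  const rpId = policy.relyingPartyId.toLowerCase();
  if (protocol !== "https:") return false;
  return hostname === rpId || hostname.endsWith("." + rpId);
}

// Constructed sample policies and client data (not real TrustX values).
const openPolicy = { relyingPartyId: "example.com", restrictedOrigins: [] };
const pinnedPolicy = {
  relyingPartyId: "example.com",
  restrictedOrigins: ["https://login.example.com"],
};
const sampleClientData = Buffer.from(
  JSON.stringify({ type: "webauthn.get", challenge: "Y29uc3RydWN0ZWQ", origin: "https://login.example.com" })
).toString("base64url");

console.log(isOriginAllowed(originFromClientData(sampleClientData), pinnedPolicy)); // true
console.log(isOriginAllowed("https://notexample.com", openPolicy)); // false
```

The suffix comparison includes the leading dot so that a host such as `notexample.com` does not pass as a subdomain of `example.com`.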

Registration Policies
This section enables the configuration of new registration policies. Multiple configurations can be made by clicking the 'Add New Registration Policy' button.

Parameter | Type | Description |
---|---|---|
Registration Policy Name | String | The name of the registration policy. |
Key Types to Register | String | Determines what type of registration will be used. Currently only 'Platform' is supported, meaning the registration is embedded in the user's device and relies on biometrics and hardware chips to protect Passkeys. |
Allow External Challenge | Boolean | Determines whether the registration challenge is performed externally or by TrustX. If enabled, the registration challenge is performed externally. |
Manage Session Externally | Boolean | If enabled, the session duration will be managed externally. If disabled, the session duration will be managed and set within TrustX. |
Session Duration | Integer | Determines how long the session will be alive, defined in minutes. |
Store an Audit Record of the Registration | Boolean | If enabled, an audit record will be stored of the registration. |
Authentication Policies

Parameter | Type | Description |
---|---|---|
Authentication Policy Name | String | The name of the authentication policy. |
Authenticate Key Type | String | Determines what type of authenticator will be used. Currently only 'Platform' is supported, meaning the authenticator is embedded in the user's device and relies on biometrics and hardware chips to protect Passkeys. |
Store an Audit Record of the Registration | Boolean | If enabled, an audit record will be stored of the registration. |
Allow External Challenge | Boolean | Determines whether the authentication challenge is performed externally or by TrustX. If enabled, the authentication challenge is performed externally. |
Manage Session Externally | Boolean | If enabled, the session duration will be managed externally. If disabled, the session duration will be managed and set within TrustX. |
Session Duration | Integer | Determines how long the session will be alive, defined in minutes. |