Home > OpenID Connect OAuth Server dedicated > Develop > OpenID Connect > Identifying the end user

Identifying the end user

Identification is the part of the authentication in which the end user identifies or is identified. OAuthSD offers everything necessary to process identification (login / password, two-factor identification) or may delegate this identification to a third-party Identity Provider.

Integrated identification systems at OAuthSD

OAuthSD distinguishes primary identity providers and, if two-factor identification (2FA) is enabled, the secondary ones. The IDENTITY_PROVIDER and TFA_PROVIDER configuration constants define which systems will be used.

OAuthSD offers the following identification systems:

- Primary identification (constant IDENTITY_PROVIDER):

  • ’password’: classic identification by login and password,
  • ’ghostkeys’: identification by login and password clicked in a random grid.

- Secondary identification (constant TFA_PROVIDER):

  • ’checkbysms’: the classic SMS check,
  • ’gangsta’: TOTP type identification (Time-based One-time Password) with Google Authenticator (DnC’s own is under development).
    (more to come ...)

Learn more:
- Validation en 2 étapes (Two Factor Authentication, 2FA) .

Delegate identification to third party ID providers

One easy way is to use the identity services of Google, Facebook, Twitter etc. This certainly provides great comfort for the user and perfectly illustrates the principle of SSO.
However, this is not the way to ensure the confidentiality that you want in an organization implementing protected information that belongs to it. Allowing a user to simultaneously connect to a social network and business applications in the organization with the same tracking cookie is certainly the worst of all data protection.

OAuthSD allows integration of third-party identification systems, whether standard such as LADP and Active Directory (Kerberos) or organization-specific (ID card, biometric identification ...). Such a system can substitute for both primary and secondary identification.

Learn more:
- Identification par OpenID Connect des utilisateurs identifiés avec Kerberos.