TrustBuilder MFA glossary
Time-limited code that is used to activate a device as a trusted device. There are short codes (9 characters) that have a short lifespan and long codes (20 characters) that have a longer lifespan.
Graphical interface, web browser-based, used by administrators to manage TrustBuilder services.
A user account. The login is the unique identifier of an account.
Active Directory Federation Services (AD FS)
Microsoft solution that extends end users' single sign-on (SSO) access to resources outside the corporate firewall. AD FS manages authentications with a proxy service that is hosted between an Active Directory and the target resource.
A system access point or library function that has a well-defined syntax and is accessible from application programs or user code to provide well-defined functionality.
Detailed list of the activities of an account or an application. Sometimes referred to as Audit Trail.
TrustBuilder Authenticator is an app that generates one-time passwords (OTP) and supports push notifications. It also has an offline mode.
Process of verifying a user identity as a prerequisite to allowing access to resources or applications.
Authentication performed when the trusted device cannot connect to a wireless communication channel (e.g. airplane mode, network problems...). Exchanges between the trusted device and the server are therefore impossible.
Authentication performed when the trusted device can connect to a wireless communication channel. Exchanges between the trusted device and the server are therefore possible.
A trusted entity that issues or registers subscriber tokens and issues electronic credentials to subscribers.
Technical object connecting a third party application to the TrustBuilder authentication platform by defining the connection characteristics to apply.
Possession factor of a user, which allows the user to authenticate. It may be a mobile, a desktop or a web browser for example.
You may also see “device” referred to as “trusted device” or “token”.
The enrollment is the process through which an applicant applies to become a user of TrustBuilder services. It can be composed of the user provisioning and device activation to uniquely link the user to their authentication means.
FCM (Firebase Cloud Messaging)
Firebase Cloud Messaging (FCM) is a cross-platform messaging solution that allows messages and notifications to be sent to Android, iOS and web applications.
FIDO2 (Fast Identity Online 2) is the most recent FIDO Alliance standard. FIDO2 is a collaboration between the FIDO Alliance and the World Wide Web Consortium (W3C). It enables web applications to use strong passwordless authentication mechanisms such as biometrics and security keys.
Group Policy Object (GPO)
Microsoft’s Group Policy Object (GPO) is a collection of Group Policy settings that defines what a system will look like and how it will behave for a defined group of users.
Browser token developed by TrustBuilder, supporting long secret codes called “passwords”.
Browser extension that saves the activation data of the browser token Helium, VA (Virtual Authenticator) and mAccess Web in case the browser data is lost.
Hardware Security Module (HSM)
A physical computing device that safeguards and manages cryptographic keys and provides cryptographic processing. An HSM is or contains a cryptographic module.
The service that serves as a source of identity and that confirms user identity. TrustBuilder may have the IdP role: it authenticates users and returns identity information to the Service Provider.
InWebo Directory Sync (IWDS) is a Java application allowing any TrustBuilder service administrator to do bulk creation, modification and deletion of TrustBuilder MFA users and groups, based on input data taken from an LDAP directory or a .csv file.
LDAP is the Lightweight Directory Access Protocol. This protocol allows clients to perform a variety of operations in a directory server, including storing and retrieving data, searching for data matching a given set of criteria.
The login of an account is unique. It defines the id of an account. The login is required to use TrustBuilder services.
Component which allows the integration of TrustBuilder MFA features to a mobile application.
Multi-factor Authentication (MFA)
MFA is an authentication method that requires the user to provide two or more verification factors to gain access to a resource. It can be called 2FA when only 2 factors are used.
Microsoft Software Installer (MSI)
File extension. MSI files are used to install programs on Windows operating systems. They can be used to install, uninstall, configure, and update programs on the computer.
OpenID Connect (OIDC)
OpenID Connect (OIDC) is an identity layer built on top of the OAuth 2.0 framework. It allows third-party applications to verify the identity of the end-user and to obtain basic user profile information.
One Time Password (OTP)
An OTP is generated by the user’s trusted device after providing the requested authentication factor(s). A successful verification may provide access to a service or validate a transaction.
Personal Identification Number. It is the knowledge factor in a standard TrustBuilder service.
TrustBuilder documentation refers to user provisioning which is the process to create, modify, disable and delete user accounts and their profiles across IT infrastructure and business applications.
Also called a push or a server push notification, it is the delivery of information to a device from an application server where the request for the transaction is initiated by the server rather than by an explicit request from the client.
RADIUS (Remote Authentication Dial-In User Service)
This is a networking protocol which controls user network access via authentication and accounting. It is frequently used for connecting to a network service, for example in VPN clients.
Remote Desktop Gateway
Remote Desktop Gateway on a server allows remote users to log in to an infrastructure securely.
The role of an account determines if it’s a standard user, a manager or an administrator, and gives it rights on different TrustBuilder objects.
It is an open standard for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider.
A “Software Development Kit” is a set of software tools intended for developers, facilitating the development of software on a platform. You can use two SDKs to embed the solution for your use: mAccess for applications, or mAccess Web for a web page.
Feature used to retrieve user consent during the authentication process for a specific context / transaction. The validation result can be used as a legal proof.
An application protected by the TrustBuilder MFA.
Set of rules defining the maximum number of devices, browsers and mAccess applications a group user will be able to activate.
A group of functions that allows the user to manage his account.
A group of users, connectors and security policies for a tenant.
A service that uses VA and the possibility to use PIN or password.
A type of service enabling more customization of the graphical interfaces, that uses Helium as a browser token and a customizable knowledge factor called ‘password’.
Service Provider (SP)
An individual or entity that provides services, typically the services for which users seek authentication, including web or enterprise applications. The Service Provider requests authentication and identity information about the user.
Security Information and Event Management is an approach to security management. It is possible to extract audit logs and use them as input in SIEM software.
A dedicated and trusted instance of TrustBuilder service. The tenant is created when signing up for TrustBuilder MFA services. A TrustBuilder tenant represents a single organization and consists of at least one service. It is called a customer in administration console V1.
A theme defines the appearance of components, buttons, and all visual elements of the user interfaces. The TrustBuilder administrator can use the theme editor to customize the look and feel of your end users' graphical interface.
Token embedded in a user's trusted device (possession factor) that enables authentication via TrustBuilder MFA.
You may also see “token” referred to as “device” or “trusted device”.
Possession factor of a user. It may be a mobile, a desktop or a web browser for example.
You may also see “trusted device” referred to as “device” or “token”.
An unlock code can be used to unlock a PIN, a password or a device that is locked.
A TrustBuilder MFA user refers to an individual that has an account in the platform.
Virtual Authenticator (VA)
TrustBuilder Windows Logon is a feature that allows a user to open a Windows session with TrustBuilder MFA using a mobile Authenticator app.
2 Factor Authentication
Active Directory Federation Services
Application Programming Interface
Group Policy Object
Firebase Cloud Messaging
Hardware Security Module
InWebo Directory Sync
Lightweight Directory Access Protocol
Multi Factor Authentication
Microsoft Software Installer
One Time Password
Personal Identification Number
Remote Authentication Dial-In User Service
Security Assertion Markup Language
Software Development Kit
Security Information and Event Management
Single Sign On
Virtual Private Network