How do I use different methods of authentication?

TelluCare supports several types of authentication. They are listed here together with some pros and cons for each. We also have a short guide on how to implement them.

Username and password

The most basic form of authentication is the use of username and password. 
The username can be anything your organization chooses. This method has a low level of authentication (LOA1), as we can't really know who logged in.
This method is good for organizations where higher levels of authentication are not available for various reasons.

Username and password with SMS

This is basically the same as "username and password", but with SMS as a second factor. This raises the level of authentication slightly (LOA3).

Username and password with Authenticator app

This is basically the same as "username and password", but with the Authenticator app as a second factor. This raises the level of authentication slightly (LOA3).

ID-porten (bank ID)

ID-porten is a Norwegian authentication provider that supports bank ID (bank-issued electronic authentication) and other similar methods (Buypass, Commfides and MinID).
ID-porten has a high level of authentication (LOA4), but requires a national ID like a Norwegian passport. This excludes foreign workers. It also requires the use of a personal second factor, which is not always popular in work-related situations.
The user ID will be the 11-digit personal identification number.

Azure AD (municipal ID)

Most municipalities and other organizations have their users stored in a directory (Active Directory or Azure AD). This can be used as a user catalogue. Using it implies that users have been added through a process where their identity has been verified somehow, and that they have been granted access to the municipal network and resources.
We can then synchronize the contents of user groups to the roles in TelluCare (see FAQ about roles), and automatically reflect changes from Azure AD to TelluCare. This means that we will add any new users, or delete a user if you remove one. You'll have just one place to manage your users and their roles!
Users connected to Azure AD will have a username that corresponds to their municipal ID, usually the municipal email address (LOA3).

Things to consider

When you want to start using TelluCare, you should have a strategy for authentication.

  • What level of authentication (LOA) is required in your organization?
  • Usernames cannot be changed, even if you change authentication methods.
  • You can have multiple methods on a user level, but the user's LOA will correspond to the method with the lowest LOA.
  • Using ID-porten or Azure AD is a small project that requires some resources from your organization as well. 
  • The use of two-factor increases LOA, but requires a second factor (often something personal) that is tied to your identity. In many cases, this will require the use of a personal device. 
  • The only method that allows single sign-on is Azure AD, but using single sign-on requires an Azure AD login already on the device. If this is not present, the single sign-on process will fail.