
Query User Authenticators

POST /api/web/v2/authentication/users


Request

Body

required

    applicationId string required

    Unique identifier of the Identity as a Service Authentication API application

    authToken string

    Authentication token.

    clientIp string

    Provided client IP address.

    ignoreIPAddressForRBA boolean

    Setting defines if IP Address is ignored for RBA or not. Default value is false and will not ignore IP Address for RBA.

    machineAuthenticator

    object

    Machine authenticator required to complete authentication challenge

    fingerprint string

    The device fingerprint if it's required during Machine authentication. It will always be null when returned from IDaaS as part of the response body.

    machineNonce string

    machineNonce

    sequenceNonce string

    sequenceNonce

    offlineTVS boolean

    A flag indicating if the offline QR code token verification is used. Used only if a challenge is required for authentication when returnDefaultChallenge is true.

    origin string

    Provided client origin.

    priority int32

    The priority for push transactions where queuing is enabled. Default is 0 and allowed values are 0-9. Used only if a challenge is required for authentication when returnDefaultChallenge is true.

    pushMessageIdentifier string

    Defines an identifier to retrieve customized SDK push message configuration. Used only if a challenge is required for authentication when returnDefaultChallenge is true.

    requestDetail

    object

    Request detail items.

    browser string

    The browser associated with the request.

    os string

    The OS associated with the request.

    returnDefaultChallenge boolean

    Flag indicating whether the service should include in the response the default challenge.

    summary string

    The push authentication challenge that appears in the user's mobile application. Used only if a challenge is required for authentication when returnDefaultChallenge is true.

    supportChoosingOtpDelivery boolean deprecated

    Deprecated: Clients who support choosing OTP delivery can still work without having to supply this flag. Flag indicating whether client supports choosing OTP delivery contact attribute. If the client doesn't support it and default OTP delivery is set to NONE, OTP won't be available as an authenticator.

    tokenPushMutualChallengeEnabled boolean

    A flag indicating if the token push mutual authentication is supported. Used only if a challenge is required for authentication when returnDefaultChallenge is true.

    transactionDetails

    object[]

    Transaction Details.

  • Array [

  • detail string

    The transaction detail name.

    usage string[]

    Possible values: [RBA, TVS]

    value string

    The transaction detail value.

  • ]

  • userId string required

    User ID (containing the user ID or a user alias) of the Identity as a Service user completing the authentication challenge.
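The request schema above lists several fields that are used only when returnDefaultChallenge is true, and limits priority to 0-9. The following is an added example (not Entrust's code) that builds and checks a request body against those stated rules; the function names, the placeholder application ID, and the sample values are assumptions made for illustration.

```python
# Added example; the checks encode only what the request schema states.
# Fields documented as "used only ... when returnDefaultChallenge is true".
CHALLENGE_ONLY = ("offlineTVS", "priority", "pushMessageIdentifier",
                  "summary", "tokenPushMutualChallengeEnabled")
ALLOWED_USAGE = {"RBA", "TVS"}  # possible values of transactionDetails[].usage


def build_query_body(application_id, user_id, **optional):
    """Return a JSON-ready body for POST /api/web/v2/authentication/users."""
    if not application_id or not user_id:
        raise ValueError("applicationId and userId are required")
    body = {"applicationId": application_id, "userId": user_id, **optional}
    priority = body.get("priority", 0)  # documented default is 0
    if isinstance(priority, bool) or not isinstance(priority, int) \
            or not 0 <= priority <= 9:
        raise ValueError("priority must be an integer from 0 to 9")
    for item in body.get("transactionDetails", []):
        unknown = set(item.get("usage", [])) - ALLOWED_USAGE
        if unknown:
            raise ValueError(f"unsupported usage values: {sorted(unknown)}")
    return body


def unused_fields(body):
    """Challenge-only fields present while returnDefaultChallenge is not true."""
    if body.get("returnDefaultChallenge") is True:
        return []
    return [name for name in CHALLENGE_ONLY if name in body]


# Constructed sample values (hypothetical application ID and user).
SAMPLE_BODY = build_query_body(
    "example-application-id",
    "alice@example.com",
    priority=5,
    summary="Approve sign-in",
    transactionDetails=[{"detail": "amount", "value": "100", "usage": ["TVS"]}],
)
```

Calling `unused_fields(SAMPLE_BODY)` reports `priority` and `summary`, because the sample never sets returnDefaultChallenge.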

Responses

Authenticators retrieved successfully

Schema

    authenticationCompleted boolean

    Flag to indicate if access to the application is allowed with the current JWT.

    authenticationTypes string[]

    Possible values: [MACHINE, PASSWORD, EXTERNAL, KBA, TEMP_ACCESS_CODE, OTP, GRID, TOKEN, TOKENPUSH, FIDO, SMARTCREDENTIALPUSH, PASSWORD_AND_SECONDFACTOR, SMART_LOGIN, IDP, PASSKEY, IDP_AND_SECONDFACTOR, USER_CERTIFICATE, FACE]

    List of authenticator types available for the user.

    authenticatorLockoutStatus

    object[]

    A list of all authenticators that the user has with their lockout status.

  • Array [

  • lockoutDate date-time

    The date the user was locked. Null means the user is not locked.

    lockoutExpiryDate date-time

    If remainingAuthenticationAttempts is 0, then a lockoutExpiryDate of null means the lockout never expires. Otherwise, a value of null means the user isn't locked out.

    remainingAuthenticationAttempts int32

    The number of authentication attempts remaining before the user is locked out.

    type string

    Possible values: [MACHINE, PASSWORD, EXTERNAL, KBA, TEMP_ACCESS_CODE, OTP, GRID, TOKEN, TOKENPUSH, FIDO, SMARTCREDENTIALPUSH, PASSWORD_AND_SECONDFACTOR, SMART_LOGIN, IDP, PASSKEY, IDP_AND_SECONDFACTOR, USER_CERTIFICATE, FACE]

    The type of the authenticator.

  • ]

  • availableSecondFactor string[]

    Possible values: [MACHINE, PASSWORD, EXTERNAL, KBA, TEMP_ACCESS_CODE, OTP, GRID, TOKEN, TOKENPUSH, FIDO, SMARTCREDENTIALPUSH, PASSWORD_AND_SECONDFACTOR, SMART_LOGIN, IDP, PASSKEY, IDP_AND_SECONDFACTOR, USER_CERTIFICATE, FACE]

    Lists authenticator types available to complete second factor challenge (if enabled).

    deviceCertAuthDesired boolean

    Flag to indicate if the user has to attempt device certificate authentication.

    expires int64

    fidoChallenge

    object

    If the authentication challenge is of type FIDO, the FIDOChallenge will contain the FIDO challenge parameters that must be passed to the FIDO token to complete authentication.

    allowCredentials string[]

    The list of IDs of the FIDO tokens registered for the user. Each value is base-64 encoded.

    challenge string required

    A random challenge. It is a base-64 encoded value.

    timeout int32 required

    The number of seconds that the client will wait for the FIDO token to respond.

    gridChallenge

    object

    If the authentication challenge is of type grid, the GridChallenge object will contain the grid challenge that the end user must answer.

    challenge

    object[]

    required

    The grid challenge specifies a list of grid cells that the user must answer in their challenge.

  • Array [

  • column int32 required

    The column within the grid starting at 0.

    row int32 required

    The row within the grid starting at 0.

  • ]

  • gridInfo

    object[]

    required

    The grid details.

  • Array [

  • expiryDate date-time

    The expiry date of the grid. Null value indicates the grid will never expire.

    serialNumber string required

    The serial number of the grid that can be used to answer this challenge.

  • ]

  • numCharsPerCell int32 required

    The numCharsPerCell value specifies the number of characters expected in the response for each cell as defined by current settings.

    serialNumbers string[] required deprecated

    The serial numbers of the grids that can be used to answer this challenge.

    kbaChallenge

    object

    Knowledge-based authenticator required for authentication to Identity as a Service

    id string

    userQuestions

    object[]

    required

  • Array [

  • answer string

    The question's answer.

    id string

    The UUID of the KBA question/answer.

    question string

    The question.

  • ]

  • machineAuthenticator

    object

    Machine authenticator required to complete authentication challenge

    fingerprint string

    The device fingerprint if it's required during Machine authentication. It will always be null when returned from IDaaS as part of the response body.

    machineNonce string

    machineNonce

    sequenceNonce string

    sequenceNonce

    organizations

    object[]

    A list of the user organizations.

  • Array [

  • description string

    The description of the organization.

    displayName string required

    The display name of the organization.

    id string required

    The unique UUID assigned to the organization when it is created.

    logoUri string

    The URI of the logo to display when showing organizations.

    name string required

    The name of the organization.

  • ]

  • otpDeliveryInfo

    object

    OTPDetails

    availableOTPDelivery string[]

    Possible values: [EMAIL, SMS, VOICE]

    The available delivery types.

    otpContactValues

    object[]

    The available OTP contact values types.

  • Array [

  • name string

    Name of the attribute.

    type string

    Possible values: [EMAIL, SMS, VOICE]

    Type of the OTP delivery attribute.

    value string

    Masked attribute value.

  • ]

  • otpDefaultDelivery string

    Possible values: [EMAIL, SMS, VOICE]

    The default delivery type.

    otpDeliveryAttribute string

    The name of default OTP delivery attribute.

    otpDeliveryType string

    Possible values: [EMAIL, SMS, VOICE]

    The OTP delivery type used.

    passwordResetAllowed boolean

    Flag to indicate if the user can initiate a password reset flow.

    registrationRequired boolean

    Flag to indicate if the user has to register authenticators.

    supportsSignature boolean

    Flag to indicate if the user has a token that supports signature.

    tempAccessCodeChallenge

    object

    Information about the temporary access code settings.

    adminContact string

    An optional admin contact value (like an admin email address or phone number) to be displayed in the admin contact message.

    enableAdminContact boolean

    Indicates if the admin contact message should be displayed for this challenge.

    time int64

    token string

    tokenChallenge

    object

    If the authentication challenge is for an offline token, the TokenChallenge object will contain the QR codes that can be scanned by the mobile app.

    token

    object[]

    required

    The token challenge contains a list of TokenInfo objects for each of the tokens that can be used to authenticate. In the case of an offline QR code challenge, a TokenInfo object includes the QR code.

  • Array [

  • label string

    Optional label to identify an assigned token: a String up to 100 characters.

    qrCode string

    The base-64 encoded QR code. This QR code can be scanned by the Entrust Identity mobile application to perform activation in the case of an offline QR code challenge.

    qrCodeUrl string

    The URL-based QR code string. In the case of an offline QR code challenge, this string can be used to generate the base-64 encoded QR code.

    serialNumber string

    The serial number of the token.

  • ]

  • tokenDetails string[]

    For a token or token push authenticator challenge, provides a list of serial numbers of the tokens that can be used to authenticate.

    tokenPushMutualChallenge string

    The token push authentication mutual challenge.

    userMachineSettings

    object

    UserMachineSettings

    attributeExclusions string[]

    List of device fingerprinting attributes that should not be collected when a device fingerprint is captured.

    deviceFingerprintRequired boolean

    Indicates whether a device fingerprint should be captured during machine registration or authentication

    machineAuthenticatorEnabled boolean

    machineAuthenticatorEnabled

    userMachineAuthenticators

    object[]

    List of Machine Authenticators that the user currently has--used to prevent duplicated labels.

  • Array [

  • expiryTime date-time

    When this machine secret expires in UTC time

    id string required

    Identifies the device/machine

    label string required

    Identifies the device/machine from the end-user point of view

    lastUsedTime date-time

    When this machine secret was last used

    registrationTime date-time required

    When this machine secret was created in UTC time

  • ]

  • verificationRequired boolean

    Flag to indicate if the user has to verify.
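The authenticatorLockoutStatus entries in the schema above give a null lockoutExpiryDate two different meanings depending on remainingAuthenticationAttempts. The following is an added example (not Entrust's code) that classifies each entry and lists the authenticator types that are not locked; the state names, the sample response, the ISO 8601 timestamp format, and treating a type with no lockout entry as not locked are assumptions.

```python
from datetime import datetime


def parse_ts(value):
    """Parse a date-time string (assumed ISO 8601); None stays None."""
    if value is None:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def lockout_state(entry):
    """Classify one authenticatorLockoutStatus entry as (state, expiry)."""
    expiry = parse_ts(entry.get("lockoutExpiryDate"))
    if expiry is not None:
        # Inferred from the schema: only a null expiry means "not locked out".
        return ("LOCKED_UNTIL", expiry)
    if entry.get("remainingAuthenticationAttempts") == 0:
        # Documented: 0 attempts left and a null expiry never expires.
        return ("LOCKED_NO_EXPIRY", None)
    return ("NOT_LOCKED", None)


def summarize(response):
    """Return ({type: (state, expiry)}, [types that are not locked])."""
    states = {e["type"]: lockout_state(e)
              for e in response.get("authenticatorLockoutStatus") or []}
    # Assumption: a type with no lockout entry is treated as not locked.
    usable = [t for t in response.get("authenticationTypes") or []
              if states.get(t, ("NOT_LOCKED", None))[0] == "NOT_LOCKED"]
    return states, usable


# Constructed sample response fragment (not captured from a real tenant).
SAMPLE_RESPONSE = {
    "authenticationTypes": ["PASSWORD", "OTP", "GRID"],
    "authenticatorLockoutStatus": [
        {"type": "PASSWORD", "remainingAuthenticationAttempts": 0,
         "lockoutDate": "2024-05-01T12:00:00Z", "lockoutExpiryDate": None},
        {"type": "OTP", "remainingAuthenticationAttempts": 0,
         "lockoutDate": "2024-05-01T12:00:00Z",
         "lockoutExpiryDate": "2024-05-01T12:30:00Z"},
        {"type": "GRID", "remainingAuthenticationAttempts": 3,
         "lockoutDate": None, "lockoutExpiryDate": None},
    ],
}

STATES, USABLE = summarize(SAMPLE_RESPONSE)
```

A run of `LOCKED_NO_EXPIRY` or `LOCKED_UNTIL` results across many users in a short window is a useful signal to forward to monitoring, since it can indicate password guessing against the tenant.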
