User Login via OCEAN's Identity Provider

User login via OCEAN’s IdP happens on public clients, which are applications running in a web browser or on a mobile device. These clients use the standard login form provided by the Identity Provider to authenticate users.

Supported Login Options

Partners can offer their end users three different authentication types for accessing Ocean’s products, with support for Single Sign-On, which enables users to access multiple applications with a single set of credentials:

  • User email & password

  • Social Sign-On

  • Federation Sign-On

A user in the roles of operator and fleet manager can seamlessly navigate from one portal to another without having to enter credentials multiple times.

Email & Password

Verifies the identity of users securely. Passwords are the most common method; implementing multi-factor authentication (MFA) adds security.

Social Sign-On

You can choose between multiple social sign-ons:

Federation Sign-On

Federation integrates identity management across different domains or organizations.

  • Existing company identity management system integration (supporting OAuth 2.0, SAML).

Multi-Factor Authentication

Ocean’s IdP offers Multi-Factor Authentication (MFA). If configured, MFA is required after the user enters their credentials.

Supported MFAs:

  • Microsoft Authenticator

  • Google Authenticator

  • FreeOTP

2FA using phone number and SMS is not supported at the moment. For other types of MFA, please contact your sales representative.

Successful Authentication

If the credentials are valid and any additional checks (like MFA) pass, the user is authenticated. The Identity Provider redirects the user to the application with an authentication token.

User Authentication using External IdP

When an external IdP is used, the external provider validates the user's credentials. Upon successful authentication, the external provider redirects the user back to the Identity Provider with an authentication token. The Identity Provider exchanges the external provider’s authentication token for a local access token. This process involves verifying the token and mapping external user data to the local user profile.
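The verify-then-map step described above, as an added example that is not OCEAN's implementation. It assumes the external token is a JWT signed with HS256 and a shared secret so that it runs offline (federation deployments commonly verify an asymmetric signature against the provider's published keys instead). The issuer, client ID, secret, and all function names are constructed for the example.

```python
import base64, hashlib, hmac, json, time

# Constructed values for the example; none of them come from OCEAN's IdP.
EXTERNAL_ISSUER = "https://idp.partner.example"
LOCAL_CLIENT_ID = "ocean-idp-broker"
SHARED_SECRET = b"constructed-demo-secret"

def _b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_token(claims, secret=SHARED_SECRET, alg="HS256"):
    """Build a constructed sample token (stands in for the external provider)."""
    head = _b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def verify_external_token(token, now=None):
    """Return the claims, or raise ValueError naming the check that failed."""
    now = time.time() if now is None else now
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header, claims = (json.loads(_b64d(p)) for p in (head_b64, body_b64))
        sig, alg, _sub = _b64d(sig_b64), header["alg"], claims["sub"]
    except Exception:
        raise ValueError("malformed token")
    if alg != "HS256":  # pin the algorithm; never let the token header choose it
        raise ValueError("unexpected algorithm")
    expected = hmac.new(SHARED_SECRET, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    if claims.get("iss") != EXTERNAL_ISSUER or claims.get("aud") != LOCAL_CLIENT_ID:
        raise ValueError("wrong issuer or audience")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("expired")
    return claims

def map_to_local_profile(claims, users):
    """Link on (issuer, subject); email is an attribute, not the join key."""
    key = (claims["iss"], claims["sub"])
    profile = users.setdefault(key, {"roles": []})
    profile["email"] = claims.get("email") if claims.get("email_verified") is True else None
    profile["display_name"] = claims.get("name", "")
    return profile
```

Keying the local profile on the issuer and subject pair, and copying the email only when the provider marks it verified, keeps an external account from being linked to an existing local user just by presenting the same email address.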

Failure Handling

If authentication fails, the user is presented with an error message and given the opportunity to try again. The user can also reset their password or choose a different sign-on method, if applicable.

After multiple failed attempts using standard login (email & password), the user may be temporarily locked out or required to complete additional verification.

Flow diagram

The following diagram summarizes the public client login flow:

Standard login: login using user name and password

External identity provider: login using Federation or Social Sign-On