User Login via OCEAN's Identity Provider

User login via OCEAN's IdP takes place on public clients, that is, applications running in a web browser or on a mobile device. These clients use the standard login form provided by the Identity Provider to authenticate users.

Supported Login Options

Partners can offer their end users three authentication types for accessing OCEAN's products. All of them support Single Sign-On, which lets users access multiple applications with a single set of credentials:

  • User email & password

  • Social Sign-On

  • Federation Sign-On

A user in the role of operator and fleet manager can navigate seamlessly from one portal to another without having to enter credentials multiple times.

Email & Password

Verify the identity of users securely. Passwords are the most common method; implementing multi-factor authentication (MFA) adds security.

Social Sign-On

You can choose between multiple social sign-ons:

Federation Sign-On

Integrating identity management across different domains or organizations.

  • Existing company identity management system integration (supporting OAuth 2.0, SAML).

Multi-Factor Authentication

OCEAN's IdP offers Multi-Factor Authentication (MFA). If configured, MFA is required after the user enters their credentials.

Supported MFAs:

  • Microsoft Authenticator

  • Google Authenticator

  • FreeOTP

2FA using phone number and SMS is not supported at the moment. For other types of MFA, please contact your sales representative.

Successful Authentication

If the credentials are valid and any additional checks (like MFA) pass, the user is authenticated. The Identity Provider redirects the user to the application with an authentication token.

User Authentication using External IdP

When an external IdP is used, the external provider validates the user's credentials. Upon successful authentication, the external provider redirects the user back to the Identity Provider with an authentication token. The Identity Provider exchanges the external provider's authentication token for a local access token. This process involves verifying the token and mapping external user data to the local user profile.

Failure Handling

If authentication fails, the user is presented with an error message and given the opportunity to try again. The user can also reset their password or choose a different sign-on method, if applicable.

After multiple failed attempts using standard login (email & password), the user may be temporarily locked out or required to complete additional verification.

Flow diagram

The following diagram summarizes the public client login flow:

Standard login: login using user name and password

External identity provider: login using Federation or Social Sign-On
