1Kosmos BlockID

1Kosmos BlockID leverages advanced biometrics authentication as well as Blockchain technology to verify the identity of anyone who needs to access any of your systems and applications. To authenticate, usernames and passwords are eliminated and replaced by the user’s advanced biometrics. Thus, you can be sure that your employees and customers are who they say they are, always.

To leverage BlockID for your workforce dramatically increases security and productivity, while lowering risks, costs and hassles that go with managing passwords as well as 2FA, MFA and most passwordless solutions.

Enhance customer experience by eliminating the friction of manual registration and usernames and passwords while increasing security and privacy and reducing the risk of regulatory non-compliance. With BlockID, you achieve KYC compliance without all the costs and hassles.

Auth0 leverages BlockID to enhance its authentication and authorization functionality by reaching NIST IAL3 and AAL3 as well as W3C, eIDAS and GDPR compliance.

The BlockID solution provides a platform that resolves the root cause for IT expenditure, employee frustration, and large-scale breaches – usernames and passwords. BlockID provides a password-less and credential-less platform that is easy to deploy and intuitive to the user. The platform provides users with the ability to utilize their proofed identity as well as their various personas to authenticate into applications protected by Auth0.

This guide will explain the necessary steps to configure the integration into Auth0.

Prerequisites

To setup the BlockID connection, you will need:

• An Auth0 tenant. You can sign up for free here.
• A 1Kosmos BlockID account. You can start a free trial here.

Set up Auth0 app in BlockID

To configure a BlockID connection, you will need to register Auth0 with BlockID.

First, add a new application by logging into your BlockID tenant and going to Federation. Click on OpenID Connect, then on Register New Client.

On the Register New Client page, fill out the form with the following information, modify the values to reflect your application.

• Client Name - The name of this application, like "Auth0."
• Redirect URI - The redirect URI for your Auth0 tenant, like https://<YOUR_AUTH0_DOMAIN>/login/callback. Your Auth0 domain is your custom domain, if one is configured, or your tenant name and maybe a region plus auth0.com. More information on Auth0 tenant domains here.
• Home Page URL - A home page URL to be displayed to your logging-in users.

On registering the client, please select the client and then click on Whitelist. You will need to whitelist the client in order to enable the integration.

Next, click the Add New Scopes button to define the scopes for your new client. Then go to the Grant Types section and select the grant type for the new client. For instructions on defining scopes or grant types, please refer to docs.1kosmos.com/.

Finally, proceed to the Response Types section and select code.

Once the application is registered, your app's Client ID and Client Secret will be available by clicking into the client. Make a note of these values or leave the tab open as you will need them to configure Auth0.

Create and enable BlockID Connection in Auth0

The last step is to add the BlockID Connection to Auth0.

Click Add Integration at the top of this page and select the tenant to use. We always recommend trying out changes in a test or development environment first before going live in production. More about environment-specific tenants is here.

Enter the Client ID and Client Secret obtained in the previous step.

Next, select the Permissions to request during login. This will determine what user profile information will be saved to Auth0 from BlockID.

Finally, enter your BlockID Tenant URL. You can obtain this URL within the welcome email that you received from BlockID. The tenant URL is also the URL that you use to login into BlockID. For example, if you login to https://orgA.1kosmos.net/default/login, your Tenant URL is https://orgA.1kosmos.net. Make sure you do not include a trailing "/" in this value.

Test Connection

You're now ready to test this Connection.

Troubleshooting

If you are receiving Access Denied (error code 403) when using the BlockID login method, you have probably not whitelisted the client or the redirect URI has not been specified properly.