User Roles for AuthNull

AuthNull supports two primary roles when registering a user.

  1. Admin: Admins control privileged access, manage the connections to endpoints and issue Verifiable Credentials. They enforce access policies, granting privileges only to authorized users on a need-to-know basis. Admins provision, deprovision, and regularly review access rights, monitoring activities for potential threats. Their abilities include but are not limited to:

    • Giving access to other admins for AuthNull.

    • Accessing the admin view of AuthNull.

    • Importing the Active Directory Users via an LDIF or CSV file.

    • Issuing the wallet to a Directory User. (Automatically done while importing)

    • Issuing the Active Directory credential as a VC. (Automatically done while importing)

    • Assigning a group to a Directory User.

    • Defining Group Policies for a Directory User.

    • Installing the endpoint agent inside an endpoint to onboard that endpoint to AuthNull.

    • Creating an Endpoint User via AuthNull, which is then automatically synchronised back to the endpoint via the endpoint agent.

    • Assigning or reassigning an Endpoint User credential to a wallet via AuthNull.

    • Checking out a user.

    • Customising the PAM.SO file to make alterations to the authentication flow for an endpoint.

    • Assigning a DID to a wallet user. (Automatically done while importing)

    • Rotating credentials for an endpoint user.

    • Forcefully resetting the credentials assigned to an endpoint user via AuthNull.

    • Creating a group of multiple endpoints.

    • Adding a user to a group of multiple endpoints.

    • Activating or deactivating an onboarded endpoint via the Passwordless console.

    • Redefining the password policies, which define the guidelines for setting a password for an endpoint (e.g. setting the number of characters for a password).

    • Forming a Credential Rotation Policy that is applied to an endpoint or to one or more endpoint groups.

    • Assigning endpoint users to an endpoint (which creates that particular endpoint user inside the endpoint if they are not already there).

    • Adding a Jump Server.

    • Creating connections via the added jump server.

    • Assigning a connection to a jump server mapped to an endpoint user.

    • Assigning wallet users to a connection.

    • Viewing the text or video recording of a given session of an endpoint user on an onboarded endpoint.

    • Adding a holder or issuer DID.

    • Viewing the credential assigned to an endpoint user.

    • Revoking the credential assigned to an endpoint user.

    • Viewing a verifiable credential schema.

    • Viewing and verifying a transaction log.

  2. End User: End users are primarily the Directory users who access the endpoints assigned to them via the Passwordless console. They are also issued a wallet which holds their credential. Their abilities include but are not limited to:

    • Logging into an endpoint.

    • Registering for an end user wallet or the authenticator application.

    • Approving a login request for the assigned credential.

    • Viewing the end user console of AuthNull.

    • Viewing the credentials assigned to them.

    • Viewing the password or SSH key for an endpoint assigned to them (if they have been provided the ability to do so by the admin).

    • Viewing the list of verifiable credentials assigned to them.

    • Viewing the endpoints assigned to them.