Set it up

On this page, you can learn how to set up the Authentication Vault in the Signicat Dashboard.

Supported authentication protocols

The Authentication Vault can help you store records obtained from connections with the following protocols:

  • OpenID Connect (OIDC)
  • Authentication REST API (only redirect flow)

Note that no data is stored for transactions with SAML 2.0.

Prerequisites

If you do not have an account already, then you need to sign up to the Signicat Dashboard for free and complete the initial preparations. To do this:

  1. Sign up to the Signicat Dashboard and register your profile.
  2. Ensure that you have created an organisation.
  3. Create an account. To do this:
    1. Go to Signicat Dashboard > Organisation, then select + Add account.
    2. Enter an account name, choose the type of account that you want to create, then select Create.
  4. Create a domain. To do this:
    1. Go to Signicat Dashboard > Settings > Domains, then select + Add domain.
    2. To create a standard domain, enter a domain name. Then, select Add domain.
    3. To create a custom domain, follow the instructions in the Custom domains documentation.

Account types

We recommend that you create a sandbox account to test our services before going live. Sandbox and production accounts must be set up separately.

Production account

To use the Authentication Vault in a production account, you need to first purchase it. When you are ready to do this, contact us by creating a support ticket in the Dashboard.

Permissions

Since authentication data contains personally identifiable information (PII) of the end-users, the data is stored in Digital Evidence Management (DEM) using sensitive records. For this reason, you should manage access to the records in the Dashboard appropriately.

To view, edit and create records from the Authentication Vault, users in the Signicat Dashboard require at least one of the following permissions:

  • DemSensitiveViewer: Access to read sensitive records in DEM.
  • DemSensitiveWriter: Access to read and write sensitive records in DEM.
  • DemSensitiveEditor: Access to read, write and update sensitive records in DEM.

To provision these permissions in the Signicat Dashboard, go to the Dashboard > Access Management > Permissions page. You can learn more about role management in our Managing roles and permissions documentation.

Additional DEM permissions

There are more permissions to choose from when handling DEM records, as explained in the DEM documentation.

Configuration

To enable and configure the Authentication Vault in your Signicat account, do the following:

  1. Go to Dashboard > Products > eID and Wallet Hub.
  2. In the left sidebar menu, select Authentication Vault.
  3. In the Authentication Vault configuration page, set the following attributes:
    | Attribute | Description |
    | --- | --- |
    | Status | Toggle to enable/disable the Authentication Vault product. |
    | Time to live (TTL) | Number of time units (in digits) to store the records for. Must be between 2 days and 84 months. |
    | Unit | Time unit. Choose between "Days" and "Months". |
    | Selected authentication providers | Choose for which eIDs to store data. You must select at least one. |
    | Obfuscate NIN | Determines whether to show or obfuscate the national identity number (NIN) of the end-user. If ticked, NIN is obfuscated. |

    Note

    These settings apply only to the Authentication Vault product and do not affect the global configuration of Digital Evidence Management (DEM) in your account. You manage, activate and configure the DEM product separately.

  4. Select Save to save the configuration. This will enable the Authentication Vault in your Signicat account.

Your configuration might look like this:

Authentication Vault in the Signicat Dashboard

What happens next?

Once you have activated the Authentication Vault, the data is automatically stored in the DEM database for all future authentication sessions for the eIDs you have configured. Then, the records become readily available for you to view in the Signicat Dashboard.

Next steps

You are now ready to try an authentication test run and manage your records.