Trivore Identity Service Documentation

Welcome to Trivore Identity Service (TIS) documentation

All technical public documentation located on this site. Please review the menu on the left for documentation main topics, such as:

• API Guide, including OpenID Connect and Management API

• Main functions of TIS

• Client SDK

• Management UI

Trivore Identity Service was previously known as onePortal (etymology on it is here). Today onePortal refers to the Management UI element of TIS. The name also exists in many places on the APIs.

Most important addresses to review

If you are new to TIS, the following links are important ones for you to get to understand what TIS is all about.

• This documentation website at https://doc.trivoreid.com/

• OpenAPI documentation for the architects and developers; latest development version is at https://devel3.t5.fi/apidoc/

• OpenID Connect Dynamic Discovery document; latest development version is at https://devel3.t5.fi/.well-known/openid-configuration (Firefox recommended)

• Management UI for mostly administrators and developers, but also end-users in some use cases. This is located at https://SERVERNAME/ui

• For additional OpenID-related and other paths on the SERVERNAME please visit URI Access Paths page.

TIS elements and architecture introduced

In addition to just an Identity Provider (IdP) or Identity and Access Management (IAM) service, TIS is also a development platform external applications and services are built on top of. Most of these applications and services tend to use user accounts and people's identities as an integral element in them. In addition they often utilise one or more of the TIS elements listed below.

• Trivore ID – This is the core of TIS, an OpenID Connect Certified OpenID Provider identity management with strong identification, multi-level KYC, GPDR-compliance, and 100+ user and identity related attributes

• Management API – REST API extending the scope of the platform with extensive Authorisations, multi-purpose Contracts, personal Wallets, personal Paycard storage, simple Subscriptions, and other line-of-business neutral functionality close to the personal data and identity.

  • General TIS APIs for user, group, role, datastorage, custom field, access control, etc. management.

  • APIs extending the identity with additional features, like Wallet, Paycards, Contracts, Subscriptions, and Authorisations.

  • APIs extending the platform base functionality with features like SSO configuration, sending email and text messages to verify personal information or for other purposes.

  • APIs integrating to external strong identity, corporate identity, authorisation, and related data considered master data in TIS.

  • Additional elements on external modules and services integrating to TIS. And example of this category is the Product and Pricing management. These modules are not normally deployed.

• Client SDK – Light-weight wrapper for developers to start using the Management API quickly and efficiently.

• Management UI – This is what is also known as onePortal to manage the service, tenants, namespaces, accounts, roles, groups, integrations, etc. End-users are not normally allowed to sign-in to this webui.

• Self-service UI – It is usually a good practise to allow for end-users to have access to their personal settings, own data, authorisations, contracts, and subscriptions via this or similar UI. This UI is made with Java using the Client SDK and Vaadin Flow 14, and the source code is available for customers.

• External user directories for use cases where the password master is not located in TIS, but in LDAP, ADDS, ADFS, or some other SAML-based user directory.

TIS main elements.