Organization Client

Directory Management

The Organization Client manages Directories, their SDK Keys, and their Public Keys. The Organization Client can be obtained from the appropriate factories.

Creating a Directory

The Create Directory method creates a Directory. The method takes the Directory name as the single argument. The method returns a UUID as the Directory ID for all further interactions regarding the Directory created.

Example:

Guid id = client.CreateDirectory("My Directory Name");

Get a Directory

The Get Directory method retrieves a single Directory. The method takes the Directory ID as the single argument.

Example:

var directory = client.GetDirectory(directoryId);
Console.WriteLine("    ID: " + directory.Id);
Console.WriteLine("    Name: " + directory.Name);
Console.WriteLine("    Active: " + directory.Active);
Console.WriteLine("    Service IDs: " + directory.ServiceIds);
Console.WriteLine("    SDK Keys: " + directory.SdkKeys);
Console.WriteLine("    Android Key: " + directory.AndroidKey);
Console.WriteLine("    IOS Certificate Fingerprint: " + directory.IosCertificateFingerprint);
Console.WriteLine("    Denial Context Inquiry Enabled: " + directory.DenialContextInquiryEnabled);
Console.WriteLine("    Webhook URL: " + directory.WebhookUrl);

Get All Directories

The Get All Directories method retrieves a list of all Directory items. The method does not take any arguments. The example below provides a loop in order to print all items and their current attributes.

Example:

var directories = client.GetAllDirectories();
foreach(var directory in directories)
{
    Console.WriteLine("    ID: " + directory.Id);
    Console.WriteLine("    Name: " + directory.Name);
    Console.WriteLine("    Active: " + directory.Active);
    Console.WriteLine("    Service IDs: " + directory.ServiceIds);
    Console.WriteLine("    SDK Keys: " + directory.SdkKeys);
    Console.WriteLine("    Android Key: " + directory.AndroidKey);
    Console.WriteLine("    IOS Certificate Fingerprint: " + directory.IosCertificateFingerprint);
    Console.WriteLine("    Denial Context Inquiry Enabled: " + directory.DenialContextInquiryEnabled);
    Console.WriteLine("    Webhook URL: " + directory.WebhookUrl);
}

Get a List of Directories

The Get Directories method retrieves a list of specific Directory objects. The method takes a list of Directory IDs as the single argument. The example below provides a loop in order to print all objects and their current attributes.

Example:

var directories = client.GetDirectories(directoryIds);
foreach(var directory in directories)
{
    Console.WriteLine("    ID: " + directory.Id);
    Console.WriteLine("    Name: " + directory.Name);
    Console.WriteLine("    Active: " + directory.Active);
    Console.WriteLine("    Service IDs: " + directory.ServiceIds);
    Console.WriteLine("    SDK Keys: " + directory.SdkKeys);
    Console.WriteLine("    Android Key: " + directory.AndroidKey);
    Console.WriteLine("    IOS Certificate Fingerprint: " + directory.IosCertificateFingerprint);
    Console.WriteLine("    Denial Context Inquiry Enabled: " + directory.DenialContextInquiryEnabled);
    Console.WriteLine("    Webhook URL: " + directory.WebhookUrl);
}

Updating a Directory

The Update Directory method updates a Directory. The method takes six arguments: 1) the Directory ID, 2) the active flag, 3) the Android Push Key, 4) the Apple Push Notification Service (APNS) push certificate with the Private Key (in P12 format without a password), 5) the Denial Context Inquiry Enabled flag, and 6) the Directory webhook URL. It does not return a value.

Example:

client.UpdateDirectory(directoryId, true, "abcd1234567890", apnsCert, true, "https://my.website.com/webhook/directory");

Removing a Directory

A Directory cannot be removed via the TruValidate Multifactor Authentication API. However, the Directory can be set to inactive via the TruValidate Multifactor Authentication API. The only way to remove a Directory is via the Admin Center.

Authenticator SDK Key Management

Generate and Add an SDK Key

The Generate and Add Directory SDK Key method generates a new SDK key and adds it to the list of valid SDK keys for a Directory. The method takes a single argument: the Directory ID for the Directory that requires a new additional SDK Key. The method returns the newly generated and added SDK Key.

Example:

var sdkKey = client.GenerateAndAddDirectorySdkKey(directoryId);
Console.WriteLine("New SDK Key: " + sdkKey);

Get all SDK Keys

The Get All Directory SDK Keys method retrieves all of the current valid SDK Keys for a Directory. The method takes a single argument: the Directory ID for the Directory with the SDK Keys. The method returns the list of SDK Keys. The example below provides a loop in order to print all keys.

Example:

var sdkKeys = client.GetAllDirectorySdkKeys(directoryId);
Console.WriteLine("SDK Keys:");
foreach (var sdkKey in sdkKeys)
{
    Console.WriteLine(sdkKey);
}

Remove an SDK Key

The Remove Directory SDK Key method removes an SDK Key from a Directory. The method takes two arguments: 1) the Directory ID and 2) the SDK Key you wish to remove. It does not return a value.

Example:

client.RemoveDirectorySdkKey(directoryId, sdkKey);

Public Key Management

Add a Public Key

The Add Directory Public Key method adds a Public Key to a Directory. The method takes four arguments: 1) the Directory ID, 2) the Public Key, 3) the active flag, and 4) the date that the public key will expire. It returns a Key ID for all further interactions regarding the Public Key created.

Note

Supplying a null value for the expiration date will prevent the Public Key from expiring.

Example:

var keyId = client.AddDirectoryPublicKey(directoryId, publicKey, false, null);

Update a Public Key

The Update Directory Public Key method updates a Public Key for a Directory. The method takes four arguments: 1) the Directory ID, 2) the Key ID, 3) the active flag, and 4) the date that the public key will expire. It does not return a value.

Example:

client.UpdateDirectoryPublicKey(directoryId, keyId, false, null);

Remove a Public Key

The Remove Directory Public Key method removes a Public Key from a Directory. The method takes two arguments: 1) the Directory ID and 2) the Key ID. It does not return a value.

Note

Every entity must have at least one Public Key. You cannot remove the last Public Key for an entity. However, you can deactivate any Public Key by setting the active flag to false.

Example:

client.RemoveDirectoryPublicKey(directoryId, keyId);

Service Management

Creating a Service

The Create Service method creates a Service Profile. The method takes five arguments: 1) the Service name, 2) a description, 3) an icon image URL, 4) a webhook callback URL, and 5) the active flag for the Service. The method returns a UUID as the Service ID for all further interactions regarding the Service created.

Example:

var serviceId = client.CreateService(
    "My Unique Service Name",
    "My Service Description",
    new Uri("https://my.com/icon.png"),
    new Uri("https://my.com/launchkey-callback"),
    true
);

Get a Service

The Get Service method retrieves a single Service Profile. The method takes the Service ID as the single argument.

Example:

var service = client.GetService(serviceId);
Console.WriteLine("  " + service.Id + ":");
Console.WriteLine("    Name:    " + service.Name);
Console.WriteLine("    Desc:    " + service.Description);
Console.WriteLine("    Icon:    " + service.Icon);
Console.WriteLine("    Callback: " + service.CallbackURL);
Console.WriteLine("    Active:  " + service.Active);

Get All Services

The Get All Services method retrieves a list of all Service Profile items. The method does not take any arguments.

Example:

var services = client.GetAllServices();
foreach (var service in services)
{
    Console.WriteLine("  " + service.Id + ":");
    Console.WriteLine("    Name:    " + service.Name);
    Console.WriteLine("    Desc:    " + service.Description);
    Console.WriteLine("    Icon:    " + service.Icon);
    Console.WriteLine("    Callback: " + service.CallbackURL);
    Console.WriteLine("    Active:  " + service.Active);
}

Get a List of Services

The Get Services method retrieves a list of specific Service Profile items. The method takes a list of Service IDs as the single argument. The example below provides a loop in order to print all items and their current attributes.

Example:

var services = client.GetServices(serviceIds);
foreach (var service in services)
{
    Console.WriteLine("  " + service.Id + ":");
    Console.WriteLine("    Name:    " + service.Name);
    Console.WriteLine("    Desc:    " + service.Description);
    Console.WriteLine("    Icon:    " + service.Icon);
    Console.WriteLine("    Callback: " + service.CallbackURL);
    Console.WriteLine("    Active:  " + service.Active);
}

Updating a Service

The Update Service method updates a Service Profile item. The method takes six arguments: 1) the Service ID, 2) the Service name, 3) a description of the Service, 4) an icon image URL, 5) a webhook callback URL, and 6) the active flag for the Service. It does not return a value.

Example:

client.UpdateService(
    serviceId,
    "My Unique Service Name",
    "My Service Description",
    new Uri("https://my.com/icon.png"),
    new Uri("https://my.com/launchkey-callback"),
    true
);

Removing a Service

A Service cannot be removed via the TruValidate Multifactor Authentication API. However, the Service can be set to inactive via the TruValidate Multifactor Authentication API. The only way to remove a Service is via the Admin Center.

Public Key Management

Add a Public Key

The Add Public Key method adds a Public Key to a Service Profile. The method takes four arguments: 1) the Service ID, 2) the Public Key, 3) the active flag for the Service, and 4) the date on which the public key will expire. It returns a Key ID tied to all further interactions regarding the Public Key created.

Note

Supplying a null value for the expiration date will prevent the Public Key from expiring.

Example:

var keyId = client.AddServicePublicKey(serviceId, publicKey, false, null);

Update a Public Key

The Update Service Public Key method updates a Public Key for a Service Profile. The method takes four arguments: 1) the Service ID, 2) the Key ID, 3) the active flag for the Service, and 4) the date on which the public key will expire. It does not return a value.

Example:

client.UpdateServicePublicKey(serviceId, keyId, false, null);

Remove a Public Key

The Remove Service Public Key method removes a Public Key from a Service Profile. The method takes two arguments: 1) the Service ID and 2) the Key ID. It does not return a value.

Note

Every entity must have at least one Public Key. As such, you cannot remove the last Public Key for an entity. However, you can deactivate any Public Key by setting the active flag to false.

Example:

client.RemoveServicePublicKey(serviceId, keyId);
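
An added example, not taken from the SDK: the add, update and remove calls from the Directory and Service Public Key sections combined into one rotation routine that registers the replacement key with a bounded expiry before retiring the old one. `IDirectoryKeyApi` and `FakeKeyApi` are hypothetical stand-ins with assumed argument types (string keys and Key IDs, `DateTime?` expiry); the Service variants would take the Service ID instead.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical stand-in for the three Directory public-key calls documented above.
// Parameter and return types are assumptions; only the method names come from this page.
public interface IDirectoryKeyApi
{
    string AddDirectoryPublicKey(Guid directoryId, string publicKey, bool active, DateTime? expires);
    void UpdateDirectoryPublicKey(Guid directoryId, string keyId, bool active, DateTime? expires);
    void RemoveDirectoryPublicKey(Guid directoryId, string keyId);
}

// Constructed in-memory fake that enforces the "cannot remove the last Public Key" rule.
public sealed class FakeKeyApi : IDirectoryKeyApi
{
    public readonly Dictionary<string, (bool Active, DateTime? Expires)> Keys =
        new Dictionary<string, (bool Active, DateTime? Expires)>();
    private int _next;

    public string AddDirectoryPublicKey(Guid d, string publicKey, bool active, DateTime? expires)
    {
        var id = "key-" + (++_next);   // constructed ID, not the service's format
        Keys[id] = (active, expires);
        return id;
    }
    public void UpdateDirectoryPublicKey(Guid d, string keyId, bool active, DateTime? expires) =>
        Keys[keyId] = (active, expires);
    public void RemoveDirectoryPublicKey(Guid d, string keyId)
    {
        if (Keys.Count <= 1) throw new InvalidOperationException("last Public Key cannot be removed");
        Keys.Remove(keyId);
    }
}

public static class KeyRotation
{
    // Add the replacement first, then deactivate, then remove,
    // so the entity is never left without a usable key.
    public static string Rotate(IDirectoryKeyApi api, Guid dir, string oldKeyId,
                                string newPublicKey, TimeSpan lifetime)
    {
        if (lifetime <= TimeSpan.Zero)
            throw new ArgumentOutOfRangeException(nameof(lifetime), "use a bounded, positive lifetime");
        var now = DateTime.UtcNow;
        // Explicit expiry: a null here would create a key that never expires.
        var newKeyId = api.AddDirectoryPublicKey(dir, newPublicKey, true, now + lifetime);
        // Deactivate before removing so the old key is already inactive if removal fails.
        api.UpdateDirectoryPublicKey(dir, oldKeyId, false, now);
        api.RemoveDirectoryPublicKey(dir, oldKeyId);
        return newKeyId;
    }

    public static void Main()
    {
        var api = new FakeKeyApi();
        var dir = Guid.NewGuid();
        var oldId = api.AddDirectoryPublicKey(dir, "<old public key>", true, null);
        var newId = Rotate(api, dir, oldId, "<new public key>", TimeSpan.FromDays(90));
        Console.WriteLine($"{newId} active={api.Keys[newId].Active} keys={api.Keys.Count}");
    }
}
```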

Policy Management

Creating a Policy Object

A Policy can be based on a number of authorization factors or by requiring individual types of authorization factors. Examples of various scenarios follow.

Fences

Fences allow for creating location-based limits that the device will evaluate to determine its compliance to a given policy. All policies (other than a Conditional GeoFence Policy) will fail if the device responding to an authorization request is not within one of the policy’s fences. Fences can be either GeoCircleFence, which creates a fence of a particular radius around a point described via latitude and longitude, or a TerritoryFence, which is described via a country, optional administrative area, and optional postal code. The country value must be an ISO 3166-1 Alpha-2 code. The administrative area value must be an ISO 3166-2 code. The postal code must be a recognized postal code. In the U.S.A., it must be the five (5) digit code rather than the nine (9) digit “Zip+4”.

Example:

Policy policy = new MethodAmountPolicy(fences: new List<Fence> {
    new GeoCircleFence("Portland", 1000.0, 45.522187, -122.676291),
    new TerritoryFence("US", "US-NV", "89169", "Las Vegas")
});

Device Integrity

Device integrity can prevent devices whose integrity has been compromised from responding to an authorization request. Devices can be identified as rooted/jailbroken or as an emulator/simulator. Each policy type allows for the attribute deny rooted jailbroken. All policies (except legacy policies) allow for the attribute deny emulator simulator.

Example:

var policy = new MethodAmountPolicy(denyRootedJailbroken: true, denyEmulatorSimulator: true);

Legacy Policy Objects

Warning

Legacy Policy Objects are required for TruValidate Multifactor Authentication Mobile Authenticator SDK versions prior to 4.9.0. The ability to send Legacy Policy objects will be removed at a future date. The LegacyPolicy class will be removed from the Service SDKs prior to the support being removed entirely.

Example:

var fences = new List<Fence> {
    new GeoCircleFence("Portland", 1000.0, 45.522187, -122.676291)
};
// Named arguments are written in the camelCase style of the other policy constructors on this page.
var policy = new LegacyPolicy(amount: 2, inherenceRequired: false, knowledgeRequired: false,
        possessionRequired: false, denyRootedJailbroken: true, fences: fences);

Method Amount Policies

Method amount policies allow you to require a number of authentication methods in your policy:

var policy = new MethodAmountPolicy(2);

Factors Policies

Factors policies allow you to require specific authentication factors:

var policy = new FactorsPolicy(
        knowledgeRequired: true,
        inherenceRequired: true,
        possessionRequired: false);

Conditional Geo-Fence Policies

Conditional policies allow you to require a secondary policy based on the responding Device being inside one or outside all of the provided Fences. The secondary policies must be either a MethodAmountPolicy or a FactorsPolicy. The secondary policies cannot have deny emulator simulator or deny rooted jailbroken set to true.

var policy = new ConditionalGeoFencePolicy(
        denyRootedJailbroken: true,
        denyEmulatorSimulator: true,
        fences: new List<Fence> {
            new GeoCircleFence("Portland", 1000.0, 45.522187, -122.676291),
            new TerritoryFence("US", "US-NV", "89169", "Las Vegas")
        },
        inside: new FactorsPolicy(
                knowledgeRequired: true,
                inherenceRequired: true,
                possessionRequired: false),
        outside: new MethodAmountPolicy(2)
);
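
An added example, not part of the SDK: a pre-flight check for the TerritoryFence values described in the Fences section, run before a fence is constructed. `TerritoryFenceCheck` and its sample inputs are hypothetical and constructed; the check covers the shape of the codes only, not membership in the ISO lists.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

public static class TerritoryFenceCheck
{
    // \A and \z anchor the whole string, so a trailing newline is rejected too.
    static readonly Regex Country = new Regex(@"\A[A-Z]{2}\z");                 // ISO 3166-1 alpha-2 shape
    static readonly Regex AdminArea = new Regex(@"\A[A-Z]{2}-[A-Z0-9]{1,3}\z"); // ISO 3166-2 shape
    static readonly Regex UsPostal = new Regex(@"\A[0-9]{5}\z");                // five digits, no Zip+4

    // Returns the list of problems; an empty list means the values have the expected shape.
    public static List<string> Validate(string country, string adminArea = null, string postalCode = null)
    {
        var problems = new List<string>();
        if (country == null || !Country.IsMatch(country))
        {
            problems.Add("country must be a two-letter upper-case ISO 3166-1 alpha-2 code");
            return problems; // the remaining checks depend on a valid country
        }
        if (adminArea != null)
        {
            if (!AdminArea.IsMatch(adminArea))
                problems.Add("administrative area must be an ISO 3166-2 code such as US-NV");
            else if (!adminArea.StartsWith(country + "-", StringComparison.Ordinal))
                problems.Add("administrative area " + adminArea + " does not belong to country " + country);
        }
        if (postalCode != null)
        {
            if (postalCode.Trim().Length == 0)
                problems.Add("postal code is empty");
            else if (country == "US" && !UsPostal.IsMatch(postalCode))
                problems.Add("U.S. postal code must be the five-digit code, not Zip+4");
        }
        return problems;
    }

    public static void Main()
    {
        // Constructed inputs: (country, administrative area, postal code)
        var samples = new[]
        {
            ("US", "US-NV", "89169"),            // the Las Vegas fence used on this page
            ("US", "US-NV", "89169-1234"),       // Zip+4
            ("US", "NV", "89169"),               // bare state abbreviation
            ("US", "CA-BC", (string)null),       // area from another country
            ("usa", (string)null, (string)null), // not an alpha-2 code
        };
        foreach (var (c, a, p) in samples)
        {
            var problems = Validate(c, a, p);
            Console.WriteLine($"{c}/{a ?? "-"}/{p ?? "-"}: "
                + (problems.Count == 0 ? "ok" : string.Join("; ", problems)));
        }
    }
}
```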

Set the Policy

The Set Service Policy method sets the Policy for a Service. The method takes two arguments: 1) the Service ID and 2) the Policy. It does not return a value.

Example:

client.SetAdvancedServicePolicy(serviceId, policy);

Get a Policy

The Get Advanced Service Policy method retrieves the Policy for a Service. The method takes the Service ID as the single argument. It returns the Policy or null (if no Policy exists).

Example:

var policy = client.GetAdvancedServicePolicy(serviceId);
IEnumerable<Fence> fences = null;
bool? preventJailBrokenRooted = null;
bool? preventSimulatorEmulator = null;

// Each policy type exposes different attributes, so branch on the concrete type.
// A null policy (no Policy set) matches none of the branches.
if (policy is LegacyPolicy legacyPolicy)
{
    Console.WriteLine("Required Factors:     " + legacyPolicy.RequiredFactors);
    Console.WriteLine("Inherence Required:   " + legacyPolicy.RequireInherenceFactor);
    Console.WriteLine("Knowledge Required:   " + legacyPolicy.RequireKnowledgeFactor);
    Console.WriteLine("Possession Required:  " + legacyPolicy.RequirePossessionFactor);
    Console.WriteLine("Jailbreak Protection: " + legacyPolicy.JailbreakDetection);
    Console.WriteLine("Time Fences:");
    foreach (var timeFence in legacyPolicy.TimeFences)
    {
        Console.WriteLine("  " + timeFence.Name + ":");
        Console.WriteLine("    Days:  " + timeFence.Days);
        Console.WriteLine("    Start: " + timeFence.StartHour + ":" + timeFence.StartMinute);
        Console.WriteLine("    End:   " + timeFence.EndHour + ":" + timeFence.EndMinute);
        Console.WriteLine("    TZ:    " + timeFence.TimeZone);
    }
    fences = legacyPolicy.Fences;
}
else if (policy is MethodAmountPolicy methodAmountPolicy)
{
    Console.WriteLine("Required Factors:     " + methodAmountPolicy.RequiredFactors);
    fences = methodAmountPolicy.Fences;
    preventJailBrokenRooted = methodAmountPolicy.PreventJailBrokenRooted;
    preventSimulatorEmulator = methodAmountPolicy.PreventSimulatorEmulator;
}
else if (policy is FactorsPolicy factorsPolicy)
{
    Console.WriteLine("Inherence Required:   " + factorsPolicy.RequireInherenceFactor);
    Console.WriteLine("Knowledge Required:   " + factorsPolicy.RequireKnowledgeFactor);
    Console.WriteLine("Possession Required:  " + factorsPolicy.RequirePossessionFactor);
    fences = factorsPolicy.Fences;
    preventJailBrokenRooted = factorsPolicy.PreventJailBrokenRooted;
    preventSimulatorEmulator = factorsPolicy.PreventSimulatorEmulator;
}
else if (policy is ConditionalGeoFencePolicy conditionalGeoFencePolicy)
{
    Console.WriteLine("Inside Policy:     " + conditionalGeoFencePolicy.Inside.GetType());
    Console.WriteLine("Outside Policy:    " + conditionalGeoFencePolicy.Outside.GetType());
    fences = conditionalGeoFencePolicy.Fences;
    preventJailBrokenRooted = conditionalGeoFencePolicy.PreventJailBrokenRooted;
    preventSimulatorEmulator = conditionalGeoFencePolicy.PreventSimulatorEmulator;
}

if (preventJailBrokenRooted != null)
{
    Console.WriteLine("Prevent Jail Broken/Rooted: " + preventJailBrokenRooted);
}
if (preventSimulatorEmulator != null)
{
    Console.WriteLine("Prevent Simulator/Emulator: " + preventSimulatorEmulator);
}

Console.WriteLine("Fences:");
if (fences != null)
{
    foreach (var fence in fences)
    {
        Console.WriteLine("  " + fence.Name + ":");
        if (fence is GeoCircleFence circleFence)
        {
            Console.WriteLine("    Latitude:    " + circleFence.Latitude);
            Console.WriteLine("    Longitude:   " + circleFence.Longitude);
            Console.WriteLine("    Radius:      " + circleFence.Radius);
        }
        else if (fence is TerritoryFence territoryFence)
        {
            Console.WriteLine("    Country:     " + territoryFence.Country);
            Console.WriteLine("    Admin Area:  " + territoryFence.AdministrativeArea);
            Console.WriteLine("    Postal Code: " + territoryFence.PostalCode);
        }
    }
}

Remove the Policy

The Remove Advanced Service Policy method removes the Policy for a Service. The method takes the Service ID as the single argument. It does not return a value.

Example:

client.RemoveServicePolicy(serviceId);

User Contributed

TransUnion links to user contributed code as a resource to its community. TransUnion does not in any way guarantee or warrant the quality and security of these code bases. User contributed code is supported by the creators. If you do find a link from the site to user contributed code that is malicious or inappropriate in any way, please report that link to TransUnion immediately and we will investigate the claim. Submit any issue to TransUnion support at https://transunion.com/support.