Frequently Asked Questions
Q: What is Nevis ID?
A: Nevis ID is a Customer Identity and Access Management (CIAM) solution offered as a Software-as-a-Service (SaaS) product. To read more about the core concept and capabilities, please, refer to the documentation.
Q: What is the Example project?
A: The Example project is a pre-configured set of patterns that showcases the main onboarding and authentication capabilities of Nevis ID out-of-the-box.
Q: What domain names are in use in the Example project?
A: To support test and production usage, Nevis creates two environments by default: “live” and “test”. For convenience, “live” environment is not specified in the domain name, but other environments are. Within the environments there are a couple of different use-cases available under different domains:
Nevis ID Management use-case
- to access the management interface of Nevis ID, use the custom URL as follows:
https://manage-{environment}.{instance}.getnevis.net, for instance:- live:
https://manage.abc123.getnevis.net - test:
https://manage-test.abc123.getnevis.net
- live:
- to access the management interface of Nevis ID, use the custom URL as follows:
End-user use-cases
- to access example web applications to test different onboarding and authentication workflows, use the custom URL as follows: https://login-{environment}.{instance}.getnevis.net. Note that there are dedicated endpoints to the Example web applications. For instance:
- passwordless authentication and onboarding flows (see details)
- live:
https://login.abc123.getnevis.net/demo/app - test:
https://login-test.abc123.getnevis.net/demo/app
- live:
- credential intelligence authentication and onboarding flow (see details)
- live:
https://login.abc123.getnevis.net/demo/password-app - test:
https://login-test.abc123.getnevis.net/demo/password-app
- live:
- a web application to perform a SAML SP-initiated authentication flow where Nevis Identity Platform acts as both IdP and SP:
- live:
https://login.abc123.getnevis.net/demo/saml - test:
https://login-test.abc123.getnevis.net/demo/saml
- live:
- a self-service profile management application (see details)
- live:
https://login.abc123.getnevis.net/profile - test:
https://login-test.abc123.getnevis.net/profile
- live:
- passwordless authentication and onboarding flows (see details)
- to access example web applications to test different onboarding and authentication workflows, use the custom URL as follows: https://login-{environment}.{instance}.getnevis.net. Note that there are dedicated endpoints to the Example web applications. For instance:
API use-case
- to access the Nevis Identify Platform with an API client reach the domain name should be constructed as
https://api-{environment}.{instance}.getnevis.net, for instance:- live:
https://api.abc123.getnevis.net - test:
https://api-test.abc123.getnevis.net
- live:
- To read more about how to use the API, visit the API usage page.
- to access the Nevis Identify Platform with an API client reach the domain name should be constructed as
Q: What virtual hosts and authentication realms are available in the Example project?
A: The virtual host host-api exposes Nevis APIs in the api-realm. This includes the REST APIs of nevisIDM, nevisMeta, and nevisAdmin. The domain is set by the inventory variable domain-api.
- The value of this inventory variable should not be changed by the partner without involving Nevis Support. The ingress generation is enabled but the additional layer in front (Cloudflare) cannot be changed from nevisAdmin.
- In order to call APIs you need to possess a bearer token. Details can be found on the API usage page.
The virtual host host-customer provides end user use cases, all contained within the default-realm. There are several endpoints that can be used for testing:
- An example web application on /demo/app/
- An example web application for credential intelligence on /demo/password-app/
- An example web application for a SAML Service Provider with a SAML SP-initiated flow on /demo/saml (also connecting to the “demo-sp-realm”)
- An example web application for self-service profile management on /profile/
- An OIDC Provider on /oauth/authorize, details can be found here: OAuth 2.0 / OpenID Connect
The virtual host host-admin exposes the nevisIDM Admin GUI and the nevisMeta Web Console. Authentication for these applications is provided by the admin-realm.
Q: What are the naming conventions in the patterns?
A: Pattern names are short, lowercase, and the “-” (dash) character is used as separator. Instance patterns have a well-known service name. Examples: proxy, auth, etc.
Patterns associated with the instance use that service name as a prefix. Examples: auth-log.
Respective steps in patterns in authentication flows in a realm also typically have prefixes to express which sub-flow they are in. This makes it easier to navigate in nevisAdmin. Example:
- login-
- signup-
- onboard-
- onboard steps occur at the end of the flow and are shared by login and signup. They are the common end of the authentication flow and ensure that users have a chance to set up the required credentials (e.g. passkey and OATH).
For patterns that display messages the following prefixes are used:
- error-
- error-existing-account
- error-etan
- error-missing-account
- error-contact-support
Some step patterns have well-known names as well:
- auth-done
- signup-button
Q: What customization options are there with API access?
A: You have two technology options to choose from when you configure API access: to use REST or SOAP access. Using the Scripted/REST access is selected by default and it is recommended to use due to better performance. If you want to change it, select Customization then Configuration and search the “api-realm” pattern. In the “Initial Authentication Flow” select one of the two options:
- For XML / SOAP access
- select the
check-token-step (Generic Authentication Step)pattern (uses standard nevisIDM AuthState classes which call the nevisIDM SOAP API)
- select the
- For Scripted / REST access:
- select the
check-token-step (Groovy Script Step)pattern (uses a Groovy script to call the nevisIDM REST API)
- select the
Q: How to change the logo on the login screen?
A: Login to the management interface of Nevis ID,
- Go to Customization > Configuration.
- In the Overview menu, find the pattern named “default-realm” for the passwordless use-cases or the “password-realm” for the credential intelligence use-case.
- Select the “Login template” tab and find the “Company logo” option to upload a new logo file with an appropriate size (e.g. 50x50 pixels or bigger).
- Save the changes.
- Deploy the project.
Q: How to turn off eTAN test mode?
A: For easier test purposes, the Example project is pre-configured with eTAN (electronic transaction authorization number) in test mode, meaning, whenever the email-based verification is required, then there’s no email sent but a fixed verification code can be used (“111111”). If you want to use codes sent via email, then you must turn off the test mode.
- Login to the management interface of Nevis ID.
- Go to Customization > Infrastructure.
- In the “Inventory Editor” search for “email-testing” and change its value to “disabled”.
- Save the changes.
- Deploy the project.
Q: How to customize the Signicat e-ID integrations?
A: See Integration with Signicat e-ID Hub “Required changes to make it work in your environment” section.
Q: How to customize Google SSO integration?
A: See Social Login with Google “Required changes to make it work in your environment” section.
Q: How to remove social or e-ID login buttons on the login screen?
A: Login to the management interface of Nevis ID,
- Go to Customization > Configuration.
- In the Overview menu, find the pattern named “login-screen”.
- On the “Basic Settings” tab, find the “Buttons” section and remove buttons that are not required in your environment by clicking the “x” button on the right side.
- Save the changes.
- Deploy the project.
