Authentication and Identity

Authentication is the process of verifying the identity of a user to restrict access to a software system.

The Socotra Insurance Suite provides multiple authentication options for users:

• Native Login - Authenticate through the Socotra Insurance Suite UI using login credentials managed by our software system.

• Single Sign-On (SSO) - Authenticate through an identity provider that supports SAML-based SSO or OIDC-based SSO, such as Azure AD, Okta, or Google SAML.

• Personal Access Token - Authenticate using a Personal Access Token (PAT).

Native logins and SSO logins result in the creation of a JWT (JSON Web Token) that contains a set of permissions assigned to a user. JWTs expire after a certain amount of time, requiring users to receive a new JWT to reauthenticate.

Users can authenticate API requests using a PAT instead of login credentials. PATs function similarly to JWTs, but users can configure PAT details, including permissions, tenants, and token expiration date.

API endpoints support all authentication options. Regardless of which authentication method is used, once a user receives a token, this token can be used to authenticate API requests.

Best Practices

Native login and SSO should only be used by humans logging in through the Socotra Insurance Suite UI or authenticating API requests through Postman. Software integrations, scripts, and AI agents should only use PATs for authentication.

We highly recommend requiring users to change their credentials every 30 to 90 days in production environments.

Next Steps

• Role-Based Access Control (RBAC)

See Also

• Log Into Socotra

• Single Sign-On (SSO)

• Personal Access Tokens

• Create a User

• Password Policies

• Passwords API