Our software documentation will help you troubleshoot issues or change configurations. These articles are created by our support team. The software documents are regularly updated and refined to make sure that you have access to the latest information.
Select category
Applications & Cluster
Authentication Flows
- Accept logons from users where password change is required
- Change expired password during login
- Configure a fail over authenticator for Integrated Windows Authentication
- Configure secondfactor selector
- Disable OTP for UID, Password and OTP authenticator
- eIDAS Authentication
- How to get the role value required for the PhenixID web application
- How to replace the default authenticator for PhenixID web apps
- Limit date and time for login
- Map session userID
- OpenID Connect – Username and password
- OpenID Connect – Username and PhenixID OneTouch
- OpenID Connect – Username, password and OTP
- OpenID Connect – Username, password and PhenixID OneTouch
- OTP to manager, using SMTP
- Overview - HTTP Authenticators
- PhenixID web apps authentication – BankID
- PhenixID web apps authentication - Freja eID
- PhenixID web apps authentication – Header based authentication
- PhenixID web apps authentication – Internal Authenticator
- PhenixID web apps authentication – One Touch
- PhenixID web apps authentication – SAML SP
- PhenixID web apps authentication – SSL Client Certificate Authentication
- PhenixID web apps authentication – Username and password
- PhenixID web apps authentication – Username, password and OTP
- PhenixID web apps authentication – Windows SSO
- PhenixID web apps authentication and SAML – Selector
- Registration Authenticator
- SAML - Configuring Hypr as an authentication method
- SAML - Configuring Siths Eid as an authentication method
- SAML - Configuring Swedish BankID as an authentication method for PhenixID server
- SAML - Dispatch
- SAML - Federation Broker
- SAML - Freja eID
- SAML - Header based authentication
- SAML - NetID Access Server (NIAS) authentication
- SAML - SSL Client Certificate Authentication
- SAML - Windows SSO authentication
- Step-up Authentication
Developer Guides
- Develop HTTP API Authentication response output filter
- OAuth Client Credentials Flow - integration guide for developers
- OAuth2 - SAML2 ticket translation (eHM SAML Token use case) - integration guide for developers
- OAuth2 Token introspection - integration guide for developers
- OAuth2 Token revocation - integration guide for developers
- OpenID Connect / OAuth refresh_token grant - integration guide for developers
- OpenIDConnect Authorization Code Flow - integration guide for developers
- OpenIDConnect Authorization Code Flow with PKCE - integration guide for developers
- OpenIDConnect Implicit Flow - integration guide for developers
- OpenIDConnect UserInfo - integration guide for developers
- Using PhenixID HTTP API for NetID Access (SITHS/EFOS/Myndighets CA/Own CA) authentication
- Using PhenixID HTTP API for PhenixID OneTouch authentication (push)
- Using PhenixID HTTP API for session verification (get userID and authentication method)
- Using PhenixID HTTP API for Swedish BankID authentication
- Using PhenixID HTTP API for Swedish Freja eID authentication
- Using PhenixID HTTP API for Token OTP authentication
- Using PhenixID HTTP API to get OTP based on called-in phone number
- Using PhenixID HTTP API to send SMS
- Using PhenixID HTTP proxy API for Swedish BankID authentication and signing
Federation
- Create SAML metadata for Sweden Connect using PhenixID Authentication Services as IdP
- Federation - Add configuration to achieve Single-Sign-On (SSO)
- Federation - Add configuration to fetch information from request to Authenticator (Office365)
- Federation - Add configuration to redirect to different authentication methods based on client ip
- Federation - Add configuration to redirect to different authentication methods based on service provider entityID
- SAML - Add metadata with colliding EntityID
- SAML - Break SAML flow and redirect to other SP
- SAML - Configure DigestMethod algorithm
- SAML - Configure NameID persistent psuedonym
- SAML - Configure SignatureMethod algorithm
- SAML - Configure Single Logout (SLO)
- SAML - Use the same authenticator for multiple SAML service providers
- SAML consent
- SAML IdP - centralize assertion logic when IdP offers multiple authentication methods and/or service providers
- SAML IdP Discovery
- SAML IdP Extra Validation Checks
- SAML Metadata information
- SAML Resolve Request Properties
- SAML Scope and Scoped Attributes
GUI customisation
Add multilingual display value for Authenticator
Customise HTTP authentication pages
Customise HTTP authentication pages 4.x and later
Customise texts
How to change root URL redirect target
How to change the URL to redirect to after logout
How to customise PhenixID mobile apps settings
How to customise Self Service
How to remove the security checkbox "I am a human"
How to whitelist allowed nextTargetURL in PhenixID Server
Removing first information box in One Touch enrollment
Replace login for config UI
Set default language on PhenixID Server web pages from backend
HTTP API Orchestration
- How to setup the HTTP API for Freja eID authentication
- How to setup the HTTP API for Get OTP based on called-in phone number
- How to setup the HTTP API for NetID Access (SITHS/EFOS/Own CA) authentication
- How to setup the HTTP API for PhenixID OneTouch authentication (Push)
- How to setup the HTTP API for session verification (get userID and authentication method)
- How to setup the HTTP API for Swedish BankID authentication
- How to setup the HTTP API for Token OTP authentication
- How to setup the HTTP API to send SMS
- How to setup the HTTP proxy API for Swedish BankID authentication and signing
- HTTP Authentication API
Infrastructure & Orchastration
- Add configuration for keys stored in HSM
- Automatic import of trusted certificates to the Java truststore
- Change HTTP Header from PAS
- Change HTTP port for PhenixID Server
- Change IP address of a PAS cluster
- Disable event to database
- Edit log settings
- Filtering events to database
- Install necessary Linux fonts for the PAS installation
- Linux in a virtual environment
- Manage Proxy Settings
- Monitoring events
- Notification of keystore about to expire
- Orchestration overview
- Orchestration technical instructions
- PhenixID Server, silent install
- Protocols and ports in PhenixID Server
- Use an extra vmoptionsfile for additional java options
- Use custom SSL certificate for https
- Use keystores in Hardware Security Module (HSM)
Misc Configuration
- Add configuration to filter results in MFAAdmin based on logged-in user
- Add new certificates to trust store
- Add username from session to flow
- Change license file
- Change session timeout for PhenixID Server
- Customer preparations before installing Signing and Signing Workflow
- Enable "Change Language" option for authenticator
- Event date and time formatting
- Expressions
- Extract property from json with ScriptEvalValve
- Fetch java thread dump on Windows Server operating systems
- Forcing cookies sent over HTTPS only (setting secure flag)
- Globals
- Handle nullPointerException on wrongly saved SAML authentication link
- How to add custom CA to PhenixID Server
- How to configure Self Service and MFA Admin to allow internal network access only
- How to convert Swedish personal number from 10 to 12 characters
- How to use parallel delivery methods in PhenixID Server
- Include valve classes from external packages
- Language changes need to be reflected without restarting the server
- Misc Configuration options
- Seal completed documets from SWF
- Server configuration backup
- Setting remote IP source
- Solving HTTP GET failed : Response entity too large
- Trusting BankID CA
- URI's used by PhenixID Authentication Services, PhenixID Password Self Service and PhenixID Signing Services
- Use of sessionValues parameter on HTTP authenticator
- Use of translation parameter on HTTP authenticator
- Use PhenixID Server as SCIM Bulk endpoint
- User Lockout in PhenixID Server
Messaging
- Change default timeout on Message Gateway client
- Customize SMTP settings for OTPBySMTPValve
- Enabling direct notifications
- How to add monitoring of service and external dependencies
- How to change mail template text in PhenixID Server for OTPBySMTPValve
- How to change sms text in PhenixID Server
- How to include line breaks when sending messages
- Message Gateway Account
- SMS request rate limiter
- Supported voice languages
OIDC/OAUTH
- How to add Token Introspection to PhenixID Authentication Services OAuth2 Authorization Server
- How to add Token Revocation to PhenixID Authentication Services OAuth2 Authorization Server
- How to add UserInfo to PhenixID Authentication Services OpenID Connect Provider
- How to configure PhenixID Authentication Services as an OAuth Authorization Server Provider (AS) - using Client Credentials Flow
- How to configure PhenixID Authentication Services as an OpenIDConnect Provider (OP) - using Authorization Code Flow
- How to configure PhenixID Authentication Services as an OpenIDConnect Provider (OP) - using Implicit Flow
- How to configure PhenixID Authentication Services as an OpenIDConnect Relying Party (RP) consuming an external authentication (OP)
- How to configure PhenixID Authentication Services for public clients (SPAs, embedded browsers)
- How to configure PhenixID Authentication Services OpenIDConnect Provider (OP) with PKCE extension
- How to configure PhenixID Authentication Services to issue refresh tokens
- How to configure PhenixID Authentication Services to properly populate JWT array claims
- How to configure PhenixID Authentication Services to white list a redirect_uri with a query string
- How to manually change the jwks_uri
- How to set CORS for SPA applications and embedded browsers
- How to set up OIDC Session Management in PAS 4.7 (as the OpenID Provider)
- How to setup the HTTP API for ticket translation oAuth2 Bearer token - SAML2 (eHM SAML Token use case)
- OIDC / OAuth - Add configuration to achieve Single-Sign-On (SSO)
- OpenIDConnect with PAS - Overview
- Understanding SAML attributes - OIDC claims mapping, when using PAS as OP/SAML-SP bridge
Mobile Apps
- Activate One Touch - Change authentication method
- Activate One Touch - SSL Client Certificate
- Activate One Touch - User and Password
- Activate One Touch - Username, Password and OTP
- Activate Pocket Pass - Change authentication method
- Activate Pocket Pass - User and Password
- Activate Pocket Pass - Username, Password and OTP
- Add action to One Touch
- Add branding to One Touch/Pocket Pass OTP profiles
- Add configuration to only allow one profile per issuer and device
- Change expiration time of PhenixID OneTouch certificate
- Change expiration time of PhenixID Pocket Pass
- Disable rooted devices
- Enable Activate One Touch with One Touch action as SAML SP
- How-to-guide for customizing PhenixID One Touch profiles and assignments
- Login to MyApps with One Touch action
- Notification of One Touch profiles, about to expire
- One Touch quick mode (PAS version 4.1 or later)
- Open Phenixid OneTouch automatically on same device (autostart)
- Pocket Pass scheme
- Set different PhenixID OneTouch certificate expiry date-time based on user permissions
- Show Pocket Pass Key Secret in MFA Admin or Self Service
- Use One Touch to Report Fraud
- Version2.7LANG Activate Pocket Pass - Username, Password and OTP
Radius
- Disable OTP / One Touch for radius authenticators
- How to add support for different MS login formats on RADIUS authentication
- How to setup Framed IP using AD with msRADIUSFramedIPAddress attribute
- How to setup PhenixID MFA Server as a MS CHAPv2 proxy
- Password encoding with RADIUS authenticator
- Radius PAP Security
Reporting
- Add custom report in PhenixID Authentication Services
- Add new role Reports to configuration UI
- Create report to audit authentications per service and authentication method
- Create report to list enrolled OneTouch users
- How to add billing to PhenixID Server, using event bridge module
- How to add Reports module to MFA Admin
Sign-in Methods
- Add configuration for legacy tokens
- Added BankID attributes in PAS 4.7
- Change authentication to mail and OTP with SQL UserStore
- Configure MFA admin with SQL user store
- Configure PhenixID Verify User Identity
- Configure Selfservice for SQL
- Freja eID enrollment - Self service
- Freja eID management - delegated
- How to configure PhenixID Server for Yubikey
- Import hardware tokens
- Import hardware tokens, version 4.1 and later
- PhenixID Verify User Identity for PAS 3.0 or later
- PhenixID Verify User Identity for PAS 4.6 or later
- Switching to BankID v6.0
- Uppgradering av BankID api version 5.1
- Use other OATH compliant app than Pocket Pass
- Whats new in 6.0?
- Yubico OATH integration
Step-by-Step
- Add PhenixID Authentication Services SAML Identity Provider to Skolfederationen
- Advanced configuration for Skolfederationen
- AWS MFA with PhenixID Authentication Services
- Azure AD / Office 365 SSO with PhenixID Authentication Services
- BOX SSO with PhenixID Authentication Services
- BTJ Artikelsök – MFA and SSO with PhenixID Authentication Services
- Configure Citrix Netscaler for Mutual TLS authentication with PhenixID Authentication Services
- Configure Execution flow attribute mapping for Skolfederationen
- Configure Password Self Service as a SAML Service Provider (SP)
- Configure PhenixID Authentication Services with Commissions (Medarbetaruppdrag)
- Consume Azure AD user authentication with PhenixID Authentication and Signing Services
- Consume Google user authentication with PhenixID Authentication and Signing Services
- Consume Norska ID-porten authentication with PhenixID Authentication and Signing Services
- Consume Norwegian BankID user authentication with PhenixID Authentication and Signing Services
- Consume SWAMID user authentication with PhenixID Authentication and Signing Services
- DigiExam MFA and SSO with PhenixID Authentication Services
- Film och Skola – MFA and SSO with PhenixID Authentication Services
- Gleerups – MFA and SSO with PhenixID Authentication Services
- How to construct eduPersonScopedAffiliation attribute for Skolfederationen
- How to construct norEduPersonBirthDate attribute for Skolfederationen
- How to construct sisSchoolCourseStudent & sisSchoolCourseTeacher attributes for Skolfederationen
- ILT Inläsningstjänst – MFA and SSO with PhenixID Authentication Services
- Infomentor MFA and SSO with PhenixID Authentication Services
- IST/Extens MFA and SSO with PhenixID Authentication Services
- itslearning – MFA and SSO with PhenixID Authentication Services
- Nationalencyklopedin MFA and SSO with PhenixID Authentication Services
- Nomp – MFA and SSO with PhenixID Authentication Services
- Optiplan (Skolskjuts) MFA and SSO with PhenixID Authentication Services
- Protect AWS Single-Sign-On Portal and AWS CLI with PhenixID Authentication Services
- PhenixID ADFS MFA adapter
- Skola24 – MFA and SSO with PhenixID Authentication Services
- SLI – MFA and SSO with PhenixID Authentication Services
- Studi MFA and SSO with PhenixID Authentication Services
- Tieto Education (Procapita Education) MFA and SSO with PhenixID Authentication Services
- Unikum – MFA and SSO with PhenixID Authentication Services
- Upgrade PhenixID ADFS MFA Adapter(s)
- Use PhenixID Authentication Services as OAuth Authorization Server for consumption of Cambio Open Services API resources
- Visma Severa – MFA PhenixID Authentication Services
Select category
Integrations
- PSD1200 – Setup certificate authentication for Azure
- PSD1199 – Use data on the logged in user to list users in an external LDAP
- PSD1196 – Integration with Swedish Navet
- PSD1186 – Use Case – Managing Partners/External Users
- PSD1176 – Create AD/Office 365 account with home directory
- PSD1175 – Create User in LDAP/Google/Office365
- PSD1162 – PIM REST Web Service client for PIP
- Step by Step – Configure IM as a SAML SP
- PSD1085 – Search, Edit or Create objects in an external LDAP directory. MultiDB.
- PSD1063 – Configure PIM to send data to PIP using SOAP
- PSD1062 – How to redirect IM audit messages to a relational database
Misc Guides
- PSD1169 – Overview how to integrate PIM with PIP
- PSD1194 – Manage proxyAddresses
- PSD1187 – IGA – Approve Custom Control
- PSD1188 – StaticImage
- PSD1184 – Use Case – School
- PSD1182 – Use PIM to search in SQL
- PSD1174 – Create User with unique SSN
- PSD1173 – PIM/PIP Use Cases
- PSD1172 – IGA using PIM and PIP
- PSD1160 – Prevent to change form if data has been changed
- PSD1155 – Calculate a value in Identity Manager
- PSD1152 – Manage objects based on attributes from other objects
- PSD1143 – Common IM policies
- PSD1142 – Enable AES encryption in PIM
- PSD1134 – Add IM as a service
- PSD1109 – Send Identity Manager audit log to database
- PSD1086 – Enable logging in Identity Manager Configurator
- PSD1082 – Compose and generate directory user ID’s with Identity Manager
- PSD1072 – Manage Password Custom Control
- PSD1061 – Control attribute syntax against filter
- PSD1058 – IM Policy SORT_OBJECTCLASSES
UI Guides
- PSD1201 – Manage language
- PSD1195 – PIM look and feel
- PSD1193 – Manage PIM Avatar
- PSD1180 – Date custom control
- PSD1179 – Show MultiValue In Grid Custom Control in Identity Manager
- PSD1177 – Create your own custom view
- PSD1168 – Manage button and check boxes in forms
- PSD1166 – Assign a form to a predefined search
- PSD1165 – Configure tabbing in a form
- PSD1164 – Tab Parameters
- PSD1161 – singleValueSelect
- PSD1156 – Include/Exclude OU´s in Main view. DN_Filter.
- PSD1154 – Set Date By Checking Checkbox In Identity Manager
- PSD1141 – Concatenate In Grid Custom Control in Identity Manager
- PSD1150 – Mandatory filter
- PSD1147 – Linked list custom control
- PSD1144 – Find and replace characters in a string
- PSD1133 – MultiListStaticStringControl
- PSD1132 – MultiListStringControl
- PSD1125 – Form Popup filter
- PSD1123 – MyUsersFilter for Identity Manager
- PSD1098 – Virtual view with parent and child attribute
- PSD1073 – MultiList
- PSD1066 – Filters to convert values
Select category
Integrations
- PSD1203 – Nexus Certificate Manager Revoke Action
- PSD1191 – Net iD Portal Actions
- PSD1198 – Use PIP to Import Yubico tokes to PAS DB
- PSD1171 – Google Directory Admin Actions for Identity Provisioning
- PSD1158 – Google Gmail Set Signature Actions
- PSD1157 – Google Calendar Actions
- PSD1148 – SiteVision actions for Identity Provisioning
- PSD1139 – MS Dynamics CRM Actions for Identity Provisioning
- PSD1138 – Visma Enterprise HRM Actions for Identity Provisioning
- PSD1130 – Bolagsverket Actions for Identity Provisioning
- PSD1126 – Tieto Education Actions for Identity Provisioning
- PSD1124 – Navet XML Actions for Identity Provisioning
- PSD1195 – Google Apps Service Account Configuration
- PSD1122 – Navet Action for Identity Provisioning
- PSD1114 – Visma Personec Actions for Identity Provisioning
- PSD1100 – ServiceNow Actions for Identity Provisioning
- PSD1084 – Azure Active Directory Actions for Identity Provisioning
- PSD1076 – Automatic User Provisioning to Salesforce.com
- PSD5007 – Google Apps Service Account Configuration
Misc Guides
- PSD1202 – NTLM over HTTP using PIP
- PSD1197 – Migrate to Log4j2
- PSD1192 – Configuration of Log4j2 in PIP
- PSD1190 – Validate Personal ID Number
- PSD1185 – Cron Trigger Scheduler in PIP
- PSD1181 – Global Parameters
- PSD1178 – Use a JSON-file as datasource in PIP
- PSD1163 – Configure PIP REST Web Service
- PSD1146 – Enable AES encryption in Identity Provisioning
- PSD1120 – Export information from IST
- SCIM Actions for Identity Provisioning – Appendix – PIP Session to SCIM Json mapping
- PSD1102 – SCIM Actions for Identity Provisioning
- PSD1101 – ARS-Remedy Actions for Identity Provisioning
- PSD1087 – Condition Filter in Identity Provisioning Actions
- PSD1083 – Make Sure Remote Identity Provisioning Service is Up and Running
- PSD1059 – Deprecated Actions in Provisioning Service
- Get Procapita Data
- PSD1051 – Exception java.lang.OutOfMemoryError in aamlog.txt / aamstudiolog.txt
- PSD5006 – LDAP Connection Pooling in AAM
