Introduction

LYNKS supports multiple authentication methods to accommodate different organizational security requirements and user preferences. Each authentication method provides secure login capabilities and transaction signing functionality, enabling organizations to choose the approach that best aligns with their security policies and user needs.

Authentication methods serve dual purposes in LYNKS: they authenticate users during login and provide digital signatures for transaction authorization. Users can be configured with one or more authentication methods depending on tenant settings and organizational requirements.

Available authentication methods

LYNKS offers three primary authentication methods that can be enabled at the tenant level and configured per user.

Single Sign-On (SSO)

Enterprise identity provider integration with OAuth2 and SAMLv2 protocols for centralized authentication and standard electronic signatures

LuxTrust

Qualified electronic signatures using digital certificates compliant with eIDAS regulations for high-value transactions

LYNKS Mobile App

Mobile authentication with INCERT certificates, push notifications, and biometric support for iOS and Android devices

Authentication method configuration

Authentication methods are configured at multiple levels within LYNKS to provide flexibility and security.

Tenant-level configuration

Each tenant can enable or disable specific authentication methods based on organizational requirements. Authentication methods available at the tenant level determine which methods can be assigned to users.

User-level activation

When creating or editing users, administrators configure authentication methods for individual users. Each user can have one or more authentication methods enabled based on their roles and responsibilities.

Method combinations

Multiple authentication methods can be enabled simultaneously, allowing flexible configuration such as SSO for login combined with LuxTrust for high-value transaction signatures.

Authentication vs. signature methods

LYNKS distinguishes between authentication methods (for login) and signature methods (for transaction authorization), though the same technologies can serve both purposes.

Authentication methods

Authentication methods control how users log in to LYNKS, verifying user identity during the login process with multi-factor authentication for all methods.

Signature methods

Signature methods control how users authorize transactions and configurations, providing digital signatures with varying levels of legal validity depending on the method used.

Signature levels

Different authentication methods provide different levels of signature assurance:

Signature Level	Authentication Method	Legal Validity	Use Case
Standard Electronic Signature	SSO	Valid for most business transactions	Standard payments, routine approvals
Advanced Electronic Signature	LYNKS Mobile App	Enhanced legal validity with certificate	Regular payments, counterparty approvals
Qualified Electronic Signature	LuxTrust	Highest legal validity, equivalent to handwritten signature	High-value payments, regulatory compliance

Security features

All authentication methods implement comprehensive security features to protect user access and transaction integrity.

Multi-factor authentication

All authentication methods provide multi-factor authentication combining knowledge factors (passwords, PINs), possession factors (mobile devices, smart cards), and inherence factors (biometric authentication).

Certificate validation

LuxTrust and LYNKS mobile app authentication include X.509 certificate validation, OCSP checks for real-time certificate revocation, trust chain verification, and automatic validation of certificate validity periods.

Audit trail

All authentication events are logged in the LYNKS audit trail, including login attempts, authentication methods used, device information, certificate details, timestamps, and IP addresses.

Session management

LYNKS implements secure session management with timeout policies, secure token storage, logout invalidation, and session activity monitoring.

Best practices

Organizations should follow these best practices when configuring authentication methods.

Choosing authentication methods

Consider regulatory requirements, transaction values, user experience, existing infrastructure, mobile access needs, and cost when selecting authentication methods for your organization.

User configuration

Ensure users have at least one authentication method enabled, configure methods appropriate to user roles, consider enabling multiple methods for critical users, and implement segregation of duties through different authentication methods for maker/checker workflows.

Security policies

Monitor LuxTrust certificate expiration dates, regularly review mobile app enrollments and user authentication assignments, establish incident response procedures for lost devices or compromised certificates, and provide training to ensure users understand their assigned authentication methods.

Support

For assistance with authentication method configuration, certificate issues, or technical support, contact the LYNKS support team at [email protected].

Authentication method setup and identity provider integration can be configured during tenant onboarding or enabled later as organizational requirements evolve.