Identities

Introduction

Identities are how users authenticate with the Ubiq SDK.

There are two kinds of Identities:

• Identities created manually in the Identities panel (use a three-part API Key to authenticate)
• Identities created via a SCIM integration with your Identity Provider (IDP) (use your IDP credentials to authenticate)

You may also want to add new Identities for each new server/machine you need to encrypt or decrypt data on securely with your Applications. An identity with a key can be given a short term expiration, for cases like Contractors or Temporary Access. Likewise, you may want to delete Identities when they are no longer needed.

Manage Identities

1. On the left side menu click Identities.

2. The Identities panel appears showing all Identites, created within the Identities panel (Server Icon) or imported via your SCIM integration (Person icon).

3. Edit, Delete, Disable or Roll an Identity by selecting the three dots (...) at the end of every row. (Note: SCIM-provisioned Identities can be edited (name, description) but you cannot roll or disable them. To disable or expire a SCIM-provisioned Identity, disable or modify them in your IDP.)

4. If you select Roll Identity, then you will be presented with an additional Roll Identity panel.

5. Select the expiration date followed by pressing the Roll API Key button. You will be required to authenticate with your authenticator application one-time passcode to complete the action.

Adding Identities

1. Add new Identities by selecting the + New Identity button located at the right of the Identities panel.

2. You will then be presented with a New API Key panel where you can enter a Name, Description, Expiration for the new API Key.

3. Next, click Create Identity, acquire your API Key Credentials by clicking the Copy button, and select the Dataset(s) that you want to associate the new key with. It is very important that you save the API Key Credentials so that you’ll have them available for use. These credentials will not be accessible later if you Close the create panel without copying them.

❗️

Confidentially of these API Key Credentials is critical to protecting encrypted data. For these reasons, the Credentials should be stored in a well-managed and backed up secret management server or password vault.

Rolling an Identity

You may want to roll an Identity if it is compromised and you need to block it and generate a new one. When rolling an Identity, you can choose to block the old key immediately or allow it to work for a limited time interval, providing you with time to make the transition.

When you Roll an Identity, there is no need to regenerate the Primary Key. The replacement Credentials will automatically be associated with the original Primary Key.