This guide provides technical specifications for establishing a secure session within the IUSign Enterprise platform, including Multi-Factor Authentication (MFA) protocols and session governance.
Prerequisites
- An active, verified IUSign identity.
- Valid primary credentials (Email and high-entropy Password).
- Access to a synchronized Multi-Factor Authentication (MFA) device (if mandated by organizational policy).
Strategic Overview
The IUSign authentication engine is built upon industry-standard security frameworks to ensure zero-persistence identity verification. Every authentication request is treated as a security event, processed through a rigorous validation pipeline that includes credential verification, MFA challenge execution, and the provisioning of time-bound, cryptographically signed access tokens (JWT).
Implementation Sequence
1. Gateway Access
Navigate to the primary authentication portal at /login. This portal utilizes TLS 1.3 encryption to protect identity parameters during transmission.
2. Primary Identity Verification
Input your registered identity parameters to initialize the authentication handshake:
- Unique Identifier: The email address associated with your tenant profile.
- Security Credential: Your high-entropy account password.
3. Multi-Factor Verification (MFA)
If MFA is active on the account (highly recommended for all Enterprise users):
- Retrieve the current 6-digit Time-based One-Time Password (TOTP) from your registered device.
- Input the code into the verification interface to complete the cryptographic handshake.
Note: For initial MFA configuration and device synchronization, please refer to the Multi-Factor Authentication Setup Guide.
Session Governance and Security Constraints
IUSign enforces strict session policies to mitigate the risk of unauthorized access due to device theft or session hijacking:
| Policy Component | Operational Specification |
|---|---|
| Token Validity (JWT) | 24 hours (Non-persistent). |
| Extended Persistence | 30 days (via "Remember Me" encrypted secure cookie). |
| Inactivity Timeout | Automated session termination after 120 minutes of idle time. |
| Rate Limiting | Max 5 failed attempts per 15-minute window before IP-level throttling. |
Forensic Logging and Monitoring
Every authentication attempt is logged for forensic traceability:
- Authentication State: Success, Failure, or MFA_Pending.
- Geographic Telemetry: IP-based location and ASN data.
- Device Fingerprinting: Browser and Operating System identification to detect anomalous login patterns.
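The following added example (not IUSign code) shows how a defender could replay the Rate Limiting policy above against the logged Authentication State values to find the point at which a source IP should have been throttled. Assumptions: the log line layout and the function names are hypothetical, the 15-minute window is treated as a sliding window, and the limit is considered reached on the fifth failure.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 5                # "Max 5 failed attempts" (Rate Limiting row)
WINDOW = timedelta(minutes=15)  # "per 15-minute window"

# Constructed sample log. The line layout (UTC timestamp, source IP,
# authentication state) is an assumption, not IUSign's real log format.
SAMPLE_LOG = """\
2024-05-01T09:00:00Z 203.0.113.7 Failure
2024-05-01T09:01:10Z 203.0.113.7 Failure
2024-05-01T09:02:00Z 198.51.100.4 MFA_Pending
2024-05-01T09:02:20Z 198.51.100.4 Success
2024-05-01T09:03:30Z 203.0.113.7 Failure
2024-05-01T09:05:00Z 203.0.113.7 Failure
2024-05-01T09:06:45Z 203.0.113.7 Failure
2024-05-01T09:10:00Z 192.0.2.9 Failure
2024-05-01T09:20:00Z 192.0.2.9 Failure
2024-05-01T09:30:00Z 192.0.2.9 Failure
2024-05-01T09:40:00Z 192.0.2.9 Failure
2024-05-01T09:50:00Z 192.0.2.9 Failure
"""

def parse_line(line):
    ts, ip, state = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, state

def find_throttle_points(log_text):
    """Return [(ip, timestamp)] for each failure that brings an IP's failures in
    the trailing window to MAX_FAILURES or more. Input must be chronological."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, state = parse_line(line)
        if state != "Failure":    # Success and MFA_Pending are not counted
            continue
        window = recent[ip]
        window.append(ts)
        while ts - window[0] >= WINDOW:   # drop failures older than the window
            window.popleft()
        if len(window) >= MAX_FAILURES:
            hits.append((ip, ts))
    return hits

if __name__ == "__main__":
    for ip, ts in find_throttle_points(SAMPLE_LOG):
        print(f"{ts.isoformat()} {ip}: {MAX_FAILURES} failures within {WINDOW}")
```

In the sample, 192.0.2.9 also fails five times but at 10-minute intervals, so it never has five failures inside one window and is not flagged.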
Diagnostic and Resolution Protocols
| System Message | Diagnostic Interpretation | Resolution Protocol |
|---|---|---|
| Invalid credentials | Identity or secret mismatch | Verify input accuracy or initiate credential recovery. |
| Account suspended | Administrative override | Contact your Tenant Administrator or IUSign Enterprise Support. |
| Rate limit triggered | Potential brute-force detected | The account is temporarily locked for 15 minutes to preserve integrity. |