Console terminology: In the Maverics Console, this section is called Identity Fabric. The YAML configuration uses the connectors key to define identity provider integrations.

Overview
The Trusona connector uses OpenID Connect. Trusona specializes in passwordless authentication and identity proofing, which makes it a strong choice for environments that need to eliminate passwords or verify user identity with high assurance.

Use Cases
- Passwordless authentication — Replace password-based login with Trusona’s passwordless verification, delivering a more secure and frictionless user experience across legacy and modern applications
- Identity proofing for high-assurance access — Leverage Trusona’s identity verification capabilities to confirm user identity before granting access to sensitive or regulated applications
- Unify SSO with step-up verification — Orchestrate Trusona alongside a primary IdP to add identity proofing as a step-up authentication layer, extending strong verification to applications that don’t natively support it
- Authentication resilience — Include Trusona as part of a multi-IdP failover strategy, ensuring passwordless authentication remains available even if another identity provider experiences an outage
Configuration
To create a Trusona (OIDC) connector in the Maverics Console:
- Navigate to Identity Fabric in the Console sidebar.
- Click Create and select Trusona (OIDC).
- Enter a Name — this is the friendly name that identifies your provider.
- Enter the OIDC Well Known URL — the Trusona OIDC discovery endpoint provided by your Trusona account (an OIDC discovery URL ends in /.well-known/openid-configuration, and the issuer it returns is what ID tokens are validated against).
- Enter the OAuth Client ID — the client ID from your Trusona application configuration.
- Enter the OAuth Client Secret — the client secret from your Trusona application configuration.
- Under Redirect URLs, add the callback URL where Trusona will redirect after authentication. This URL must match the redirect URI configured in your Trusona application.
- Optionally configure Logout Callback URLs for single logout support.
- Optionally set Scopes (space-separated). Default scopes are typically openid profile email.
- The PKCE toggle is enabled by default. Disable it only if your Trusona application is not configured to support Proof Key for Code Exchange.
- Optionally enable Offline Access for token refresh support (Proxy apps only).
- Click Save.
Troubleshooting
- Verify the well-known URL is accessible from the Orchestrator host — the Orchestrator fetches the discovery document itself, so egress rules on that host matter, not on your workstation; also confirm the Trusona endpoint is correct
- Ensure the redirect URL matches exactly what is registered in your Trusona application — OIDC providers compare redirect URIs as literal strings, so scheme, host, port, path and any trailing slash must all agree
- Check that the client secret reference resolves correctly via your secret provider
- Confirm the Trusona application is active — disabled applications will not respond to authentication requests
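The following script is an added example, not Maverics or Trusona code. It ties together the connector fields from the configuration steps above (well-known URL, client ID, redirect URL, scopes, PKCE) and the first two troubleshooting checks: it validates a discovery document against the values you are about to save, explains the usual redirect-URL mismatch, and builds the PKCE S256 authorization request that the Orchestrator would send. The discovery document, hostnames and client ID are constructed placeholders, and the function names are this example's own; `fetch_discovery` is the only function that touches the network and is not needed for the offline checks.

```python
"""Pre-flight checks for an OIDC connector (Trusona or any OIDC provider).

Added example for this page; not Maverics or Trusona code. All URLs and the
discovery document below are constructed placeholders.
"""
import base64
import hashlib
import json
import secrets
import urllib.parse
import urllib.request
from typing import List, Optional, Tuple

# Constructed discovery document in the shape a well-known endpoint returns.
# The hostnames are placeholders, not Trusona's real endpoints.
SAMPLE_DISCOVERY = json.loads("""{
  "issuer": "https://idp.example.test",
  "authorization_endpoint": "https://idp.example.test/oauth2/authorize",
  "token_endpoint": "https://idp.example.test/oauth2/token",
  "jwks_uri": "https://idp.example.test/.well-known/jwks.json",
  "end_session_endpoint": "https://idp.example.test/oauth2/logout",
  "scopes_supported": ["openid", "profile", "email", "offline_access"],
  "code_challenge_methods_supported": ["S256"]
}""")

REQUIRED_KEYS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")


def fetch_discovery(well_known_url: str, timeout: float = 5.0) -> dict:
    """Fetch the discovery document live (run this from the Orchestrator host)."""
    with urllib.request.urlopen(well_known_url, timeout=timeout) as resp:
        return json.load(resp)


def check_discovery(doc: dict, well_known_url: str, scopes: List[str], pkce: bool) -> List[str]:
    """Return problems found; an empty list means the connector values fit the provider."""
    problems = []
    for key in REQUIRED_KEYS:
        if key not in doc:
            problems.append(f"discovery document lacks '{key}'")
    issuer = doc.get("issuer", "").rstrip("/")
    # OIDC Discovery: the well-known URL is <issuer>/.well-known/openid-configuration.
    # A mismatch means ID tokens will fail the 'iss' check even if the fetch works.
    if issuer and well_known_url != issuer + "/.well-known/openid-configuration":
        problems.append(f"well-known URL does not correspond to issuer {issuer}")
    supported = set(doc.get("scopes_supported", []))  # optional metadata; skip if absent
    if supported:
        problems.extend(f"scope '{s}' not advertised by provider" for s in scopes if s not in supported)
    if pkce and "S256" not in doc.get("code_challenge_methods_supported", []):
        problems.append("PKCE is enabled but the provider does not advertise S256")
    return problems


def diagnose_redirect(url: str, registered: List[str]) -> Optional[str]:
    """Providers compare redirect_uri as a literal string; name the usual mismatch, or None if it matches."""
    if url in registered:
        return None
    for reg in registered:
        if url.rstrip("/") == reg.rstrip("/"):
            return f"trailing slash differs from registered '{reg}'"
        u, r = urllib.parse.urlsplit(url), urllib.parse.urlsplit(reg)
        if u.scheme != r.scheme and u[1:] == r[1:]:
            return f"scheme differs from registered '{reg}'"
        if u.hostname and r.hostname and u.hostname.lower() == r.hostname.lower() and u.port != r.port:
            return f"port differs from registered '{reg}'"
    return "redirect URL is not registered with the provider"


def pkce_challenge(verifier: str) -> str:
    """S256 code_challenge = BASE64URL(SHA256(ASCII(verifier))) with padding removed (RFC 7636)."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def build_authorization_url(doc: dict, client_id: str, redirect_url: str,
                            scopes: List[str], verifier: Optional[str] = None) -> Tuple[str, str]:
    """Build the authorization request with PKCE; returns (url, code_verifier) to keep for the token call."""
    if verifier is None:
        verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode("ascii")
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_url,
        "scope": " ".join(scopes),
        "state": secrets.token_urlsafe(16),   # CSRF binding for the callback
        "nonce": secrets.token_urlsafe(16),   # replay binding for the ID token
        "code_challenge": pkce_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return doc["authorization_endpoint"] + "?" + urllib.parse.urlencode(params), verifier


if __name__ == "__main__":
    # Constructed connector values, as they would be typed into the Console form.
    well_known = "https://idp.example.test/.well-known/openid-configuration"
    redirect = "https://apps.example.test/oidc/"          # note the trailing slash
    registered = ["https://apps.example.test/oidc"]
    scopes = ["openid", "profile", "email"]
    print(check_discovery(SAMPLE_DISCOVERY, well_known, scopes, pkce=True) or "discovery: OK")
    print(diagnose_redirect(redirect, registered) or "redirect: OK")
    url, _ = build_authorization_url(SAMPLE_DISCOVERY, "client-id-placeholder", registered[0], scopes)
    print(url)
```

Run it from the Orchestrator host with `fetch_discovery(<your well-known URL>)` substituted for `SAMPLE_DISCOVERY` so the egress check and the metadata check happen in the same place the connector will run; a redirect URL that this script flags with "trailing slash differs" is the single most common reason a connector that saves cleanly still fails at the callback.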