User Authentication and Wallet Management System

Last updated 2 months ago

This document describes the comprehensive architecture and implementation details of the Enterprise User Authentication and Wallet Management System, which integrates Okta, Firebase, 0box, zVault, and zAuth to securely manage enterprise user identities, authentication flows, cryptographic wallets, and transaction validation within Zus services.

Main Components and Their Roles

Architecture-Level Components

The system comprises multiple integrated services:

| Component | Function |
| --- | --- |
| Okta (OAuth2 Provider) | Stores enterprise user information and handles authentication for registered clients. |
| Firebase (Identity Verification and JWT Issuer) | Manages all Züs users and verifies Okta authentication before issuing its own JWT token. |
| 0box | Controls access to zAuth and zVault, ensures wallet security, and manages registration expirations. |
| zVault | Creates enterprise user wallets and stores user wallets and cryptographic keys; access requires JWT-based authentication. |
| zAuth | Handles transaction signing, ensuring that only authorized users can perform secure actions. |

Authentication and Access Flow

Each service interacts with the others to maintain robust security, administrative oversight, and secure wallet management:

Step 1: Admin Registers Users in Okta

  • Enterprise users are registered in Okta, which stores their credentials.

Step 2: User Logs in via Okta

  • Users authenticate using email/password, and Okta generates a JWT auth token.

Step 3: User Signs in with Firebase (Using Okta Token for Verification)

  • Users present their Okta JWT token to Firebase as proof of authentication.

  • Firebase verifies the Okta token before issuing its own Firebase JWT token.

  • This ensures that only authenticated Okta users can interact with Firebase services.

Step 4: JWT-Based Authentication for Vault Access

  • Users authenticate with 0box using their Firebase JWT token.

  • 0box validates access and provides a JWT for accessing zVault.

Step 5: Wallet Generation and Registration in zVault

  • The wallet is generated and registered in zVault using the JWT vault token for authentication.

Step 6: Transactions Require JWT Authentication via zAuth

  • Any transaction or sensitive operation requires a valid JWT vault token.

  • zAuth verifies the token before signing transactions.

Step 7: 0box Manages Registration Expirations

  • If necessary, 0box can revoke a user's registration, restricting access to wallets and authentication services.
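The seven steps above, as an added example that models the chain of token checks (this is not code from the Züs project): each hop verifies the upstream service's JWT signature, issuer, audience and expiry before minting its own token for the next hop, and 0box refuses revoked registrations. Service names follow the page; the HS256 secrets, claim layout and in-memory revocation set are constructed stand-ins, since the page does not document the real key material or claim names.

```python
import base64, hashlib, hmac, json

# Hypothetical per-service signing secrets; the real algorithm (Firebase normally uses RS256) is not on the page.
SECRETS = {"okta": b"okta-demo", "firebase": b"firebase-demo", "0box": b"0box-demo"}
REVOKED = set()  # registrations 0box has revoked (step 7); constructed in-memory stand-in

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue(issuer: str, subject: str, audience: str, now: int, ttl: int = 300) -> str:
    """Mint a JWT that names one downstream audience, so it cannot be replayed at another service."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps({"iss": issuer, "sub": subject, "aud": audience, "exp": now + ttl}).encode())
    sig = hmac.new(SECRETS[issuer], f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"

def verify(token: str, issuer: str, audience: str, now: int) -> dict:
    """Accept only tokens signed by the expected upstream service, addressed to us, and unexpired."""
    header, payload, sig = token.split(".")
    expected = hmac.new(SECRETS[issuer], f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        raise PermissionError("bad signature")
    claims = json.loads(_unb64(payload))
    if claims.get("iss") != issuer or claims.get("aud") != audience or now >= claims["exp"]:
        raise PermissionError("wrong issuer/audience or expired")
    return claims

def firebase_sign_in(okta_token: str, now: int) -> str:
    # Step 3: Firebase verifies the Okta token before issuing its own token, scoped to 0box.
    claims = verify(okta_token, "okta", "firebase", now)
    return issue("firebase", claims["sub"], "0box", now)

def zbox_vault_token(firebase_token: str, now: int) -> str:
    # Steps 4 and 7: 0box checks the Firebase token and that the registration is still active,
    # then issues the vault JWT that zVault and zAuth accept.
    claims = verify(firebase_token, "firebase", "0box", now)
    if claims["sub"] in REVOKED:
        raise PermissionError("registration revoked")
    return issue("0box", claims["sub"], "vault", now)

def zauth_can_sign(vault_token: str, now: int) -> bool:
    # Step 6: zAuth signs a transaction only if the vault token verifies.
    try:
        verify(vault_token, "0box", "vault", now)
        return True
    except PermissionError:
        return False
```

Presenting the Okta or Firebase token directly to a later hop fails the signature and audience checks, which is the property the per-layer tokens on this page rely on.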

Security and Authentication Mechanisms

Multi-Layered Authentication

  • Each component issues its own JWT token to authorized users, ensuring secure access.

  • Firebase verifies Okta authentication before issuing its token, ensuring enterprise users are authenticated.

  • Wallets are generated and registered securely in zVault.

  • 0box acts as the central access controller, regulating interactions with zAuth and zVault.

  • Multiple authentication layers (Okta + Firebase + JWTs) enhance security and identity verification.

Frequently Asked Questions (Q&A)

Q: Does the user generate the wallet, or does zVault create it for them?

A: For enterprise users, wallets are securely generated directly in zVault. Sensitive keys (mnemonics and master keys) are never exposed to the client.

Q: Can Okta admins access a user’s wallet if they control the login?

A: Yes, zVault generates a pair of split-keys for admins, allowing continuous access to user wallets, even post-account revocation.

Q: What happens to the user’s wallet and data if they are revoked or leave?

A: User access is immediately revoked, rendering the wallet inactive for the user. Admins retain access via the provided split-key mechanism, ensuring continuous administrative control.

Benefits of Enterprise Integration with Zus

  • Enhanced Security: Multi-layered authentication safeguards user wallets and sensitive transactions.

  • Automated User Management: Instant synchronization and revocation of user access through webhook integration.

  • Administrative Continuity: Admin-level split-key ensures continuous secure access to wallets post-user account deletion or revocation.

  • Better User Experience: OAuth2-based Okta integration simplifies user identity management.

This system ensures secure authentication, controlled access to user wallets, and transaction security using JWT-based authentication.

By integrating Okta and Firebase for identity management and leveraging 0box for access control, the system maintains strict security policies while ensuring smooth user interactions.