Jans Casa Documentation

Overview

Jans Casa ("Casa") is a self-service web portal for end-users to manage authentication and authorization preferences for their account in a Janssen Server.

For example, as people interact with an organization's digital services, they may need to:

• Enroll, delete and manage two-factor authentication (2FA) credentials for their account (e.g. FIDO security keys, mobile apps, phone numbers, etc.)
• Turn 2FA on and off
• View and manage which external apps have been authorized to access what personal data
• View trusted devices

Casa provides a platform for people to perform these account security functions and more in a friendly, straightforward manner.

Two-factor authentication

The core use case for Casa is self-service 2FA. If people need to call the helpdesk every time they get a new phone or security key, supporting strong authentication becomes prohibitively expensive.

Out-of-the-box, Casa can be used to enroll and manage the following authenticators:

• FIDO2 security keys like Yubikeys
• Gluu's FIDO push-notification mobile app, Super Gluu
• OTP hardware cards like these or dongles like these
• OTP mobile apps like Google Authenticator, FreeOTP, etc.
• Mobile phone numbers able to receive OTPs via SMS
• Passwords

Additional authenticators and use cases can be supported via custom plugins.

2FA enrollment APIs

To facilitate 2FA device enrollment during account registration, or elsewhere in an application ecosystem, Casa exposes APIs for enrolling the following types of authenticators:

• Phone numbers for SMS OTP
• OTP apps, cards, or dongles
• FIDO2 security keys

Configuration via APIs

Besides a comprehensive graphical admin console, application settings can also be manipulated by means of a configuration API.

Existing plugins

Casa is a plugin-oriented, Java web application. Existing functionality can be extended and new functionality and APIs can be introduced through plugins. Currently, there are plugins available for the following:

• Accounts linking
• Consent management
• Custom branding
• 2FA settings

If you are interested in onboarding additional authentication methods to Casa, read this guide.

Janssen Server integration

Janssen Server relies on "interception scripts" to implement user authentication. Casa itself has an interception script which defines authentication logic and routes authentications to specific 2FA mechanisms which also have their own scripts.

User roles

There are two types of users in Jans Casa:

• Regular users: Any user in the Janssen Server

• Admin users: Users having the CasaAdmin role

Admin users have access to the Casa admin console. All users can manage their 2FA credentials, as outlined in the user guide.

A user can be "turned" into an administrator by editing his profile - in TUI for instance - ensuring CasaAdmin is part of his role attribute.

Get started

Use the following links to get started with Casa:

Admin Guide

• Quick start
• Admin console
• Credentials storage
• Custom branding
• FAQs

User Guide

• Home

---

Last update: 2024-03-21
Created: 2023-10-05