Trivore Identity Service
Welcome to the public technical documentation for Trivore Identity Service (Trivore ID, previously known as onePortal).
Use the left-side navigation to explore:
- API guides, including OpenID Connect and Management API
- Main functions of Trivore ID
- Management UI and operational guidance
- Developer-focused implementation material
Getting help and finding guidance
This documentation is an introduction to Trivore ID features and concepts.
It may not include every field-level detail for every view. In Management UI, additional contextual information is often available by hovering over field labels or nearby information icons.
Important addresses
If you are new to Trivore ID, these are the most important addresses:
- Documentation site: https://doc.trivoreid.com
- API reference on your deployment: https://{your-id-server}/apidoc
- Management UI: https://{your-id-server}/ui
Architectural overview
Trivore ID is more than an Identity Provider (IdP) or IAM product. It is also a platform for building external applications and services that rely on identity, access control, and related business capabilities.
Main elements
Trivore Identity Service core
TIS Core includes identity management, framework components, application logic, database, web server, LDAP server, and the management web UI. It is delivered as an installable software product.
Key platform characteristics include:
- Multi-tenancy (namespaces)
- Strong identification and modern authentication options
- Fine-grained role and permission model
- Audit trail and compliance-oriented controls
- Flexible object and data model
- REST APIs and UI-based administration
Trivore ID framework
The platform can also be used as a web application framework for custom solutions in sectors such as healthcare, public services, and enterprise platforms.
Multitenancy
Trivore ID is multitenant: many organisations can use the same platform safely and independently through isolated namespaces.
Because features and permissions can differ by namespace and role, users may see different functions and UI views depending on their scope.
OpenID Connect provider
Trivore ID includes an OpenID Certified OpenID Connect Provider. The certification process is also described in Scientific works on onePortal™.
Management UI
Management UI (historically “onePortal”) is used to manage tenants, namespaces, users, roles, groups, integrations, and configuration. It remains the central operations UI for administrators.
Self-service UI
Self-service UI enables end users to manage their own account and profile data. Source code can be provided to customers for customization use cases.
Management API
Management API is a REST API used by external applications and OAuth 2.0 clients to integrate with Trivore ID.
See API Guide for full details.
External user directories
Trivore ID supports identity federation and external directory integration, including LDAP and SAML-based environments.
See LDAP Server for implementation details.
Logical structure and extensions
Trivore ID is designed to be extensible. In addition to core identity features, organisations can add business-specific modules and integrations to match their domain requirements.
Trivore ID core data model
The core identity data model is flexible and commonly differs between namespaces and deployments.
Terms (quick glossary)
- User account: Primary security principal that can sign in and access services.
- Namespace (tenant): Isolated logical environment for an organisation’s identities and data.
- Management API: REST-based integration API for administration and platform features.
- OpenID Connect (OIDC): Identity layer used for authentication and user identity assertions.
- OAuth 2.0: Authorization framework used for delegated access.
- Management UI (onePortal): Web UI used by administrators for managing the platform.
- Self-service UI: End-user-facing UI for account and profile management.
- Role-based access control (RBAC): Access model where permissions are grouped into roles.
- Permission (right): A specific allowed action, usually assigned through roles.
- Soft delete: Account is deactivated but recoverable data is retained.
- Purge: Permanent deletion after a prior delete state.
- 2FA: Additional factor beyond username and password for stronger authentication.
- IDaaS: Identity-as-a-Service delivery model.
- URI/URL/Path: Standard web addressing concepts used in endpoint definitions and links.
For feature-by-feature usage and configuration details, continue with the sections in this documentation site.