Bluink Identity Server

The Bluink Identity server is distributed using Docker, installable on most Linux distributions. To upgrade use the following: cd bluid ; git pull ; ./utils upgrade


  • Added support for Microsoft Intune via a new configuration flag

    To use it, if you need Intune support, add the following to the end of your config/.env file:

  • Enabled attestation certificate validation

    This is now always on. When Intune mode is disabled, this uses our default attestation certificate. When Intune mode is enabled, it uses the custom certificate configured via Intune.

  • Updated client API documentation

    Please ask us for the latest documentation if you need access to the API if you want to control user management from your own application.


  • Add new set of options for usage policies on relying party

    Reauthentication options come with the biometric option enabled by default.

    • Always allow
    • Only reauthenticate when outside geofences
    • Always reauthenticate
    • Inside geofences only, always allow
    • Inside geofences only, always reautheticate
  • Public geofences applied per relying party, with personal geofences applied to the account(s) they are assigned to when Include Personal Geofences is enabled

    Geofences are used when required by the usage policies listed above.


PLEASE NOTE: Run the following commands if you have not run them for a previous release:

  • Run git pull
  • Run ./configutils init
  • Run ./configutils wiz_dbbackupcron if you want to set up automated DB backups
  • Finally, ./utils upgrade to upgrade to the latest version

Hotfix v2.7.1

  • Allow setting registered smartphones to LOST

    Prevents new auth requests from being sent out to those phones and prevents them from responding to auth requests.

  • Updated push notification certificates for iOS


  • Add debug logging for authentication transactions

    If debug attribute is set to TRUE in config/.env all attributes passed in SAML transactions will be logged.

  • Add support for passing SIDs for group hierarchies


  • Add API to sync with Bluink Enterprise for tracking users and groups


PLEASE NOTE: For this release, use the following steps to run the upgrade:

  • Run git pull

  • Run ./configutils init

  • Run ./configutils wiz_dbbackupcron if you want to set up automated DB backups

  • Finally, ./utils upgrade to upgrade to the latest version

  • Add support for tracking groups for users via the API

  • Add the groups as attributes to the SAML claims

  • Add support for automated database backups

    See the upgrade notes at the top of this release to configure this


Hotfix v2.4.1

  • Fix a crash occuring when using the PAM module API


  • Add support for deleting clients via the API

  • Add ability for phones to retrieve transactions that may not have been received via push notifications (pull-down-to-refresh)

  • Fixes for improved stability and performance


  • Add support for the SAML protocol

    • SAML service providers can be registered on the server
    • Policies that apply to relying parties can also be added to SAML service providers
  • Now only uses one key pair for the OpenID Connect protocol, rather than one per RP

  • Add an error view to display errors in a friendlier manner

  • Add a way to download the public key and certificate .pem files directly


  • Transaction logs specify whether a transaction resulted in a successful authentication, and any reasons for a failed transaction

  • Implement transaction policies

    • Global policies
      • Requires Location: Allows transactions only if location services are enabled.
    • Policies on Relying Parties
      • Reauthentication: Forces the phone to reauthenticate for a transaction on the relying party

      • Biometric: Allows the the reauthentication to be biometric touch

      • Geolocations: Can be set per relying party or per user on the relying party

        Allows the phone to complete a transaction only if the phone is within the specified geofence or regional boundary


  • Get location data from the apps when completing transactions if available

  • Implement new phone APIs to better keep the apps in sync with the state of the server


  • Log most actions

  • Add a log API to allow extracting logs into another service

  • Add Android push notification support


  • API

    • Authorization through API key.
    • Get list of user accounts, create and update users accounts, generate registration codes for account
    • Get list of registered phones for all accounts, register a phone for an account using U2F registration protocol
    • Get list of registered Relying Parties and register new Relying Parties
    • Get list of transactions and get identity token JWT of transaction from authorization code
  • Identity UI

    • Enter account identifier on input form for 2FA notification to be sent to Identity smartphone app
    • Form displays confirmation code which must be correctly entered in Identity app for 2FA transaction to be approved