Identity SDK

1. What is the Gen Identity SDK?

The Gen Identity SDK is a set of embeddable identity-protection capabilities that partners can plug into their own digital experiences (web or mobile) to offer identity theft protection and related services to their customers.

It wraps Gen’s threat intelligence, monitoring, restoration, and customer support into a configurable, partner-branded experience, delivered primarily as a responsive single-page application (SPA) implemented with standard web technologies (HTML/JS/CSS).

Key Characteristics

  • Embeddable UI – A responsive SPA that can be inserted into a partner’s website or app.

  • Rich identity features – Support for capabilities such as dark web monitoring, social media monitoring, restoration support, reimbursement/insurance, and additional identity-protection services, with availability varying by region and commercial agreement.

  • Managed operations – Gen operates the underlying services, data pipelines, and monitoring infrastructure so partners do not need to build or maintain their own identity stack.

  • Fast time-to-market – Integration is designed to be much faster than building bespoke integrations with multiple point providers.

This guide is a sanitized, external-safe overview. Detailed API references, code samples, and configuration matrices are provided separately under mutual confidentiality where required.

Key Capabilities

The Identity SDK has the following capabilities (including but not limited to):

  • Dark Web Monitoring – Scans for exposed personal and financial data across breaches, dark web sources, and password combo lists.

  • Social Media Monitoring – Watches key social platforms for account takeover, scam links, harmful content, and impersonation.

  • Identity Restoration & Stolen Wallet Assist – Provides trained specialists to help resolve identity‑theft issues and replace stolen IDs and payment cards.

  • Identity Theft Insurance / Reimbursement – Surfaces plan details and coverage for eligible expenses, stolen funds, and legal support where offered.

  • Credit & Financial Monitoring – Tracks credit files and financial accounts for risky changes, suspicious transactions, and lock/unlock actions where contracts and regulations permit.

  • Additional Risk Signals – Adds specialized alerts such as phone/SIM takeover, address‑change verification, property title changes, payday/online lending and bank‑account takeover in supported markets.


2. Who is the Identity SDK For?

The Identity SDK is intended for organizations that want to embed identity protection into existing customer journeys rather than send users to a standalone Gen property.

Typical partner profiles include:

  • Financial institutions (banks, card issuers, fintechs) embedding identity protection into digital banking or card experiences.

  • Telecommunications providers and ISPs offering identity protection as part of connectivity bundles.

  • Device and OEM partners integrating protection into device portals or companion apps (e.g., PC or mobile OEMs).

  • Insurance, benefits, and HR platforms that bundle identity protection into employee or member benefits.

  • Digital brands and retailers seeking to differentiate with premium privacy and identity offerings.

To use the Identity SDK, partners must:

  • Have an executed commercial agreement with Gen covering identity products and territories.

  • Meet Gen’s security and data-protection requirements, including secure handling of any personal data exchanged for enrollment and monitoring.

  • Support an integration pattern that can host web content (for example, web pages, in-app web views, or equivalent containers).


3. Delivery Options

Gen provides several integration patterns built around the Identity SDK and related components.

3.1 Embedded Identity SPA (SDK-based)

  • The partner embeds a Gen-hosted SPA inside their own web experience using standard web mechanisms (e.g., an iframe or equivalent container).

  • A lightweight JavaScript integration layer mediates communication between the host app and the Identity SPA.

  • The embedded UI inherits the partner’s look and feel via theme configuration (colors, typography, icons) and partner-specific support and legal links.

This is the primary pattern for web portals and desktop experiences.

3.2 Hosted Identity Page

  • Gen hosts a wrapper page that embeds the Identity SPA.

  • The partner loads this wrapper in an iframe or mobile WebView and passes a short-lived access token to start the user’s session.

  • Branding and configuration are controlled through parameters and server-side configuration rather than a local SDK.

This option simplifies integration for partners who prefer minimal client-side code and centralized updates.


4. High-Level Integration Flow

This section summarizes, at a non-sensitive level, how a typical partner would integrate the Identity SDK.

It intentionally omits API-level details, endpoints, and code samples. These are classified as API technical documentation or product documentation and are shared only under appropriate confidentiality mechanisms.

Step 1: Commercial & Solution Design

  1. Define offering and markets

    • Select which identity features (e.g., dark web monitoring, social media monitoring, restoration, reimbursement, additional regional features) will be included in each plan and which countries/regions they will be sold in.

  2. Agree on entitlements & pricing

    • Align plan structures, entitlements, and billing models (e.g., per-user subscription, usage components) between the partner and Gen.

  3. Design user journeys

    • Decide where in the partner’s experience the Identity SDK appears (e.g., account hub, security center, app tab) and what triggers enrollment and access (purchase flow, benefit activation, etc.).

Step 2: Subscription & Entitlement Integration (Server-Side)

  1. Connect to Gen’s subscription services

    • Integrate with Gen’s subscription APIs to create, update, and cancel identity entitlements for end users, based on the partner’s purchase or eligibility flows.

  2. Pass required enrollment attributes

    • Send the minimal set of user attributes required for the chosen identity features (for example, certain contact and identity details needed for monitoring), subject to applicable privacy and data-protection laws.

  3. Maintain entitlements

    • Keep Gen’s view of the user’s entitlement in sync with the partner’s system (upgrades/downgrades, cancellations, region or plan changes).

Note: Specific request/response schemas, fields, and error codes for these APIs are outside the scope of this external guide and are documented in restricted integration materials.

Step 3: Authentication & Single Sign-On

Partner as the Identity Provider

The partner remains the system of record for authentication. Customers continue to sign in using their existing partner credentials.

Authentication and Authorization

The Identity SDK SPA requires users to be both authenticated and authorized. Partners must implement Single Sign-On (SSO) to obtain a Norton Secure Login (NSL) token. This ensures that only enrolled and entitled members can securely access their identity data within the embedded portal experience.

Tokens must:

  • Be scoped to the intended user and audience.

  • Be transmitted only over secure channels (e.g., HTTPS).

  • Be refreshed or rotated prior to expiration.
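The three token requirements above can be checked on the host side before a token is handed to the embedded experience. The following is an added example, not Gen or SDK code: it assumes the token is a JWT carrying the standard `aud`, `sub` and `exp` claims (the actual NSL token format is defined in the restricted SSO guides), and the function names, audience value and 60-second renewal margin are hypothetical.

```javascript
// Added example (not SDK code). Assumes a JWT with standard aud/sub/exp claims.
// Claims are only decoded here, not trusted: signature verification stays with
// the backend that validates or exchanges the token.

function decodeClaims(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('not a three-part JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

// Returns { ok, reasons, renewInMs } for the user and audience the host expects.
function preflightToken(jwt, opts) {
  const { expectedSub, expectedAud, nowMs, renewSkewMs = 60000 } = opts;
  const reasons = [];
  let claims;
  try {
    claims = decodeClaims(jwt);
  } catch (e) {
    return { ok: false, reasons: [e.message], renewInMs: 0 };
  }
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(expectedAud)) reasons.push('audience mismatch');
  if (claims.sub !== expectedSub) reasons.push('subject mismatch');
  const hasExp = typeof claims.exp === 'number';
  if (!hasExp) reasons.push('missing exp');
  else if (claims.exp * 1000 <= nowMs) reasons.push('expired');
  // Renew a fixed margin before expiry so the session never runs on a dead token.
  const renewInMs = hasExp ? Math.max(0, claims.exp * 1000 - renewSkewMs - nowMs) : 0;
  return { ok: reasons.length === 0, reasons, renewInMs };
}

// Refuse to send a token to anything that is not an HTTPS URL.
function isSecureEndpoint(url) {
  try { return new URL(url).protocol === 'https:'; } catch { return false; }
}

// Constructed sample token for local testing only; the signature is a dummy.
function makeSampleJwt(claims) {
  const enc = (o) =>
    btoa(JSON.stringify(o)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(claims)}.constructed-signature`;
}
```

`renewInMs` is the delay to use when scheduling the token refresh; a result with `ok: false` means the host should obtain a fresh token rather than pass the current one on.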

Supported Token Acquisition Flows

NSL access tokens are obtained through approved, standards-based SSO integrations:

  • OIDC Authorization Code Flow (Browser-based): Partner portals or applications complete the NSL OpenID Connect (OIDC) authorization code flow with the partner IdP to retrieve the tokens required by the Identity SPA.

  • Federated Token Exchange (where supported): A partner-issued JWT access token from an existing SSO session is exchanged with an NSL API to obtain the tokens used by the Identity SPA.

Token Exchange and Session Establishment

Upon receiving a valid token, the Identity SDK or hosted SPA validates or exchanges it with Gen backend services. If validation is successful, Gen establishes an authenticated session for the user.

Technical Specifications

Detailed requirements—including token formats, required claims, and validation rules—are defined in the SSO technical guides. These are provided to active partners under NDA.

Step 4: Embedding the Identity Experience

4.1 Web Portals and Desktop

At a high level, partners:

  • Add a container on the page, such as an iframe, where the Identity experience will load.

  • Point that container to the Gen-hosted Identity SPA or wrapper URL for the appropriate environment.

  • Initialize the session by passing a short-lived access token and any optional configuration, such as branding or navigation settings.

  • Renew the session before the token expires by passing a new token through the documented renewal method.

Detailed URLs, API methods, parameters, and examples are provided in the SDK documentation under NDA.

4.2 Mobile Apps

For mobile apps (iOS/Android):

  • Host the Identity experience in a secure WebView that loads the same hosted experience used on the web.

  • After the WebView finishes loading, invoke the same initialization and renewal methods from native code to pass the user token and configuration.

This allows partners to use a shared web experience across web and mobile with minimal platform-specific work.

Step 5: Branding, Theming, and Custom Content

Gen provides controlled hooks to adapt the Identity UI to partner branding without exposing core implementation details.

Partners can:

  • Align visual design by supplying theme attributes such as primary/secondary colors, background and surface colors, text treatments, and other design tokens that the SPA uses in predefined combinations.

  • Customize content entry points and labels, including:

    • Product name, support phone number, and URLs.

    • Links to the partner’s legal or terms-of-service pages.

    • Optional links for feature-specific help (for example, social media monitoring support).

  • Provide logos, fonts, and iconography via a managed content distribution path so that navigation elements and dashboard visuals match the partner’s brand system.

The specific configuration structure, CSS conventions, and file locations are considered implementation detail and are documented in full integration guides shared once a partner relationship and appropriate confidentiality protections are in place.

Step 6: Error Handling, Observability, and Support

At a conceptual level:

  • Error semantics

    • The Identity SDK and underlying APIs use standard HTTP semantics to indicate outcomes (for example, client errors for invalid requests or expired tokens, and server errors for transient issues).

    • Partners should present user-friendly error messaging and retries consistent with their own UX guidelines.

  • Monitoring and telemetry

    • Gen collects service-level telemetry for availability, performance, and security.

    • Partners may integrate their own logging around SDK usage (for example, feature entry and exit points), provided no sensitive tokens or personal data are logged inappropriately.

  • Support model

    • Gen provides integration support through solution engineering resources and ongoing documentation.

    • For production issues or questions, partners work with their assigned Gen contact and support channels defined in the commercial agreement.
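One way to keep tokens and personal data out of partner-side logs around SDK usage is to scrub every event before it reaches the log sink. This is an added example, not part of the SDK: the event names, the sensitive key list and the patterns are assumptions to adapt to the partner's own logging stack.

```javascript
// Added example (not SDK code): redaction layer for partner-side usage logging.
const REDACTIONS = [
  // JWT-shaped strings: three base64url segments, header beginning "eyJ"
  [/\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*/g, '[REDACTED_TOKEN]'],
  // Opaque bearer credentials copied from an Authorization header
  [/\b(Bearer)\s+[A-Za-z0-9._~+\/-]+=*/gi, '$1 [REDACTED_TOKEN]'],
  // Email addresses
  [/[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/g, '[REDACTED_EMAIL]'],
];

// Field names whose values are dropped regardless of content (hypothetical list).
const SENSITIVE_KEYS =
  /^(token|access_?token|id_?token|refresh_?token|authorization|email|phone|ssn)$/i;

function scrubString(s) {
  return REDACTIONS.reduce((acc, [re, rep]) => acc.replace(re, rep), s);
}

// Recursively scrub strings, arrays and plain objects; other values pass through.
function scrub(value) {
  if (typeof value === 'string') return scrubString(value);
  if (Array.isArray(value)) return value.map(scrub);
  if (value && typeof value === 'object') {
    return Object.fromEntries(
      Object.entries(value).map(([k, v]) =>
        [k, SENSITIVE_KEYS.test(k) ? '[REDACTED]' : scrub(v)])
    );
  }
  return value;
}

// Log a feature entry/exit event; returns the exact line that was written.
function logSdkEvent(event, details, sink = console.log) {
  const line = JSON.stringify({ event, ...scrub(details) });
  sink(line);
  return line;
}
```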


5. What This Guide Intentionally Omits

To comply with Gen’s confidentiality and data-classification standards, this document does not include:

  • Detailed API specifications (endpoints, full request/response schemas, authentication headers).

  • Low-level security architecture, internal network details, or infrastructure information.

  • Complete code samples, SDK reference documentation, and configuration schemas.

  • Any information explicitly marked as confidential or that a reasonable person should understand to be confidential or security-sensitive.

According to Gen’s NDA guidance, items such as API technical documentation, product documentation, threat feed access details, and long-term product roadmaps require either an NDA or existing contractual confidentiality protections before being shared.

When a partner progresses beyond early-stage discussions, Gen can provide the full Identity SDK technical documentation set under the appropriate confidentiality framework.


6. Next Steps for Interested Partners

For partners evaluating the Identity SDK:

  1. Align internally on desired identity features, target markets, and go-to-market timelines.

  2. Engage your Gen representative to discuss solution fit, commercial terms, and any required NDA or onboarding steps.

  3. Once mutual confidentiality protections are in place, Gen will:

    • Share detailed integration guides for subscription APIs, SSO flows, and the Identity SDK or hosted SPA.

    • Provide sample configurations and implementation patterns tailored to the partner’s architecture.

    • Coordinate technical workshops as needed to accelerate time-to-market.
