Step-up

When the end-user authenticates with a method whose level is below the required authentication level, they must perform step-up. This raises the authentication level of their session for the duration of that session.

An authentication level is a quantification of the strength of an authentication mechanism.

There are several authentication mechanisms that allow an end-user to perform step-up authentication:

  • PIN
  • SMS
  • Email message
  • Time-based one-time password (like Google Authenticator)
  • Externally delivered code (e.g. via letter)
  • Mobile step-up authentication (provided by the Onegini Token Server)

What is required?

To complete this topic guide, make sure the following prerequisites are met:

  • An Onegini IDP instance must be running. For the sake of this guide we assume it's available at the http://localhost address.
  • Access to the Onegini IDP admin console

Configuration

Log in to the admin console and browse to: Smart Security -> Step-up authentication.

On this page you can define the authentication level for every available step-up method. Once the user has completed a specific step-up authentication method, the authentication level of their session is set to the level of that method.

Additionally, you can configure a number of mobile step-up authentication properties. These are explained in the mobile step-up authentication topic guide.