Step-up
When the end-user uses an authentication method that is below the required authentication level, they must perform step-up. This increases the aforementioned authentication level for the duration of the session.
An authentication level is a quantification of the strength of an authentication mechanism.
There are several authentication mechanisms that allow an end-user to perform step-up authentication:
- PIN
- SMS
- Email message
- Time based one time password (like Google authenticator)
- Externally delivered code (e.g. via letter)
- Mobile step-up authentication (provided by the Onegini Token Server)
What is required?
To successfully complete this topic guide you need to ensure following prerequisites:
- Onegini IDP instance must to be running, for the sake of this guide we assume it's available under the http://localhost address
- access to Onegini IDP admin console
Configuration
Login to the admin console and browse to: Smart Security
-> Step-up authentication
.
On this page you can define the authentication level for every available step-up method. Once the user has completed a specific step-up authentication method the authentication level in their session will have the level of the step-up authentication method that they have completed.
Additionally, you can configure a number of mobile step-up authentication properties. These are explained in the mobile step-up authentication topic guide.