View Adaptive Authentication login failure scenarios, v20.06
If Adaptive Authentication is used with the user group check feature enabled, RADIUS responds accordingly in these login failure scenarios based on the authentication workflow.
Note that the following workflows do not correlate exactly to the workflows in SecureAuth IdP. Some of the following workflows are not included in SecureAuth IdP "Login Screen Options" and vice versa. For example, RADIUS does not have an option for "Username only" (while SecureAuth IdP does) and SecureAuth IdP does not have an option for "PIN + OTP" (while RADIUS does).
Workflow 1 = Password | Second Factor
Workflow 2 = Password & Mobile Login Request (Approve / Deny)
Workflow 3 = Password only
Workflow 4 = One-Time Passcode (TOTP/HOTP) only
Workflow 5 = One-Time Passcode / Password
Workflow 6 = Password | One-Time Passcode (TOTP/HOTP)
Workflow 7 = One-Time Passcode (TOTP/HOTP) | Password
Workflow 8 = Username | Second Factor
Workflow 9 = Username | Second Factor | Password
Workflow 10 = PIN + OTP
Workflow 11 = Password & One-Time Passcode (TOTP/HOTP)
Workflow 12 = Yubico OTP only
Workflow 13 = Password | Yubico OTP
Workflow 14 = Username | Fingerprint
Workflow 15 = Username | Face Recognition
Note
In workflows without second factors (3,4,5,10,12), RADIUS always requires a username and password (password, OTP, OTP or password, PIN+OTP, Yubico OTP).
Login failure scenario | End-user experience from RADIUS -- Workflows 1, 2, 6, 8, 9, 11, 14, 15 | End-user experience from RADIUS-- Workflows 3, 4, 5, 10, 12 | End-user experience from RADIUS -- Workflows 7, 13 |
|---|---|---|---|
Hard stop; refuse authentication request | Login failed message received | Login failed message received | Login failed message received |
Step up, require two-factor authentication | Prompt received for second authentication factor | Login request fulfilled | Prompt received for second authentication factor |
Step down, skip two-factor authentication | Second authentication factor skipped; login request fulfilled | Login request fulfilled | Workflow 7: RADIUS requests OTP, then password Workflow 13: RADIUS requests password, then Yubico OTP |
Resume authentication workflow | Prompt received for second authentication factor | Login request fulfilled | Prompt received for second authentication factor |
Skip to post-authentication | Second authentication factor skipped; login request fulfilled | Login request fulfilled | Workflow 7: RADIUS requests OTP, then password Workflow 13: RADIUS requests password, then Yubico OTP |
No failure | Prompt received for second authentication factor | Login request fulfilled | Prompt received for second authentication factor |