View Adaptive Authentication login failure scenarios

If Adaptive Authentication is used with the user group check feature enabled, RADIUS responds accordingly in these login failure scenarios based on the authentication workflow.

Note that the following workflows do not correlate exactly to the workflows in SecureAuth IdP. Some of the following workflows are not included in SecureAuth IdP "Login Screen Options" and vice versa. For example, RADIUS does not have an option for "Username only" (while SecureAuth IdP does) and SecureAuth IdP does not have an option for "PIN + OTP" (while RADIUS does).

  • Workflow 1 = Password | Second Factor

  • Workflow 2 = Password & Mobile Login Request (Approve / Deny)

  • Workflow 3 = Password only

  • Workflow 4 = One-Time Passcode (TOTP/HOTP) only

  • Workflow 5 = One-Time Passcode / Password

  • Workflow 6 = Password | One-Time Passcode (TOTP/HOTP)

  • Workflow 7 = One-Time Passcode (TOTP/HOTP) | Password

  • Workflow 8 = Username | Second Factor

  • Workflow 9 = Username | Second Factor | Password

  • Workflow 10 = PIN + OTP

  • Workflow 11 = Password & One-Time Passcode (TOTP/HOTP)

  • Workflow 12 = Yubico OTP only

  • Workflow 13 = Password | Yubico OTP

  • Workflow 14 = Username | Fingerprint

  • Workflow 15= Username | Face Recognition

Note

In workflows without second factors (3,4,5,10,12), RADIUS always requires a username and password (password, OTP, OTP or password, PIN+OTP, Yubico OTP).

Login failure scenario

End-user experience from RADIUS

-- Workflows 1, 2, 6, 8, 9, 11, 14, 15

End-user experience from RADIUS-- Workflows 3, 4, 5, 10, 12

End-user experience from RADIUS -- Workflows 7, 13

Hard stop; refuse authentication request

Login failed message received

Login failed message received

Login failed message received

Step up, require two-factor authentication

Prompt received for second authentication factor

Login request fulfilled

Prompt received for second authentication factor

Step down, skip two-factor authentication

Second authentication factor skipped; login request fulfilled

Login request fulfilled

Workflow 7: RADIUS requests OTP,  then password Workflow 13: RADIUS requests password, then Yubico OTP

Resume authentication workflow

Prompt received for second authentication factor

Login request fulfilled

Prompt received for second authentication factor

Skip to post-authentication

Second authentication factor skipped; login request fulfilled

Login request fulfilled

Workflow 7: RADIUS requests OTP,  then password Workflow 13: RADIUS requests password, then Yubico OTP

No failure

Prompt received for second authentication factor

Login request fulfilled

Prompt received for second authentication factor