Skip to main content

View Adaptive Authentication login failure scenarios

If Adaptive Authentication is used with the user group check feature enabled and login fails, SecureAuth RADIUS responds accordingly based on the authentication workflow.

Note that the following workflows do not correlate exactly to the workflows in SecureAuth® Identity Platform. Some of the following workflows are not included in Identity Platform "Login Screen Options" and vice versa. For example, SecureAuth RADIUS does not have an option for "Username only" (while the Identity Platform does) and the Identity Platform does not have an option for "PIN + OTP" (while SecureAuth RADIUS does).

  • Workflow 1 = Password | Second Factor

  • Workflow 2 = Password & Mobile Login Request (Approve / Deny)

  • Workflow 3 = Password only

  • Workflow 4 = One-Time Passcode (TOTP/HOTP) only

  • Workflow 5 = One-Time Passcode / Password

  • Workflow 6 = Password | One-Time Passcode (TOTP/HOTP)

  • Workflow 7 = One-Time Passcode (TOTP/HOTP) | Password

  • Workflow 8 = Username | Second Factor

  • Workflow 9 = Username | Second Factor | Password

  • Workflow 10 = PIN + OTP

  • Workflow 11 = Password & One-Time Passcode (TOTP/HOTP)

  • Workflow 12 = Yubico OTP only

  • Workflow 13 = Password | Yubico OTP

  • Workflow 14 = Username | Fingerprint

  • Workflow 15= Username | Face Recognition

Note

In workflows without second factors (3,4,5,10,12), SecureAuth RADIUS always requires a username and password, such as password, OTP, OTP or password, PIN+OTP, or Yubico OTP.

Login failure scenario

End user experience from SecureAuth RADIUS

-- Workflows 1, 2, 6, 8, 9, 11, 14, 15

End user experience from SecureAuth RADIUS

-- Workflows 3, 4, 5, 10, 12

End user experience from SecureAuth RADIUS

-- Workflows 7, 13

Hard stop; refuse authentication request

Login failed message received

Login failed message received

Login failed message received

Step up, require two-factor authentication

Prompt received for second authentication factor

Login request fulfilled

Prompt received for second authentication factor

Step down, skip two-factor authentication

Second authentication factor skipped; login request fulfilled

Login request fulfilled

Workflow 7: SecureAuth RADIUS requests OTP,  then password

Workflow 13: SecureAuth RADIUS requests password, then Yubico OTP

Resume authentication workflow

Prompt received for second authentication factor

Login request fulfilled

Prompt received for second authentication factor

Skip to post-authentication

Second authentication factor skipped; login request fulfilled

Login request fulfilled

Workflow 7: SecureAuth RADIUS requests OTP,  then password

Workflow 13: SecureAuth RADIUS requests password, then Yubico OTP

No failure

Prompt received for second authentication factor

Login request fulfilled

Prompt received for second authentication factor

In this section: