Documentation

 

 

If Adaptive Authentication is used with the user group check feature enabled, RADIUS responds accordingly in these login failure scenarios based on the authentication workflow.

Note that the following workflows do not correlate exactly to the workflows in SecureAuth IdP. Some of the following workflows are not included in SecureAuth IdP "Login Screen Options" and vice versa. For example, RADIUS does not have an option for "Username only" (while SecureAuth IdP does) and SecureAuth IdP does not have an option for "PIN + OTP" (while RADIUS does).

  • Workflow 1 = Password | Second Factor
  • Workflow 2 = Password & Mobile Login Request (Approve / Deny)
  • Workflow 3 = Password only
  • Workflow 4 = One-Time Passcode (TOTP/HOTP) only
  • Workflow 5 = One-Time Passcode / Password 
  • Workflow 6 = Password | One-Time Passcode (TOTP/HOTP)
  • Workflow 7 = One-Time Passcode (TOTP/HOTP) | Password
  • Workflow 8 = Username | Second Factor
  • Workflow 9 = Username | Second Factor | Password
  • Workflow 10 = PIN + OTP
  • Workflow 11 = Password & One-Time Passcode (TOTP/HOTP)
  • Workflow 12 = Yubico OTP only
  • Workflow 13 = Password | Yubico OTP
  • Workflow 14 = Username | Fingerprint
  • Workflow 15= Username | Face Recognition

Login failure scenario

End-user experience from RADIUS
-- Workflows 1, 2, 6, 7, 8, 9, 11, 13

End-user experience from RADIUS -- Workflows 3, 4, 5, 10, 12

End-user experience from RADIUS -- Workflows 14, 15

Hard stop; refuse authentication request

Login failed message received

Login failed message received

Login failed message received

Step up, require two-factor authentication

Prompt received for second authentication factor

Login request fulfilled

Login failed message received

Step down, skip two-factor authentication

Second authentication factor skipped; login request fulfilled

Login request fulfilled

Second authentication factor skipped; login request fulfilled

Resume authentication workflow

Prompt received for second authentication factor

Login request fulfilled

Prompt received for second authentication factor

Skip to post-authentication

Second authentication factor skipped; login request fulfilled

Login request fulfilled

Second authentication factor skipped; login request fulfilled

No failure

Prompt received for second authentication factor

Login request fulfilled

Prompt received for second authentication factor
  • No labels