Manual Chapter : Step-up authentication configuration basics
Applies To:Show Versions
- 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3
Step-up authentication configuration
You need to create these configuration objects and settings to implement step-up authentication.
- Access profile
- The primary use for step-up authentication is to protect resources in a portal access or web access management (reverse proxy) configuration. You can use step-up authentication with all access profile types.
- Per-session policy
- A per-session policy, also known as an access policy, can include authentication or not. The policy can be as simple as Start-Allow, or it can be very complex.
- Per-request policy
- A policy that runs for each request throughout a session. It must include a call to the step-up authentication subroutine, and can include logic that determines when to call the step-up authentication subroutine. Unless the gating criteria for the step-up authentication subroutine is set to blank, or to a variable that gets populated automatically, the per-request policy must contain an agent to populate the gating criteria.
- Per-request policy subroutine
- Part of a per-request policy in which you configure a type of authentication to use for step-up authentication.
- Per-request policy subroutine gating criteria setting
- A setting that is blank or contains a perflow variable that specifies a distinct value that represents a reason to run step-up authentication.