What is step-up authentication?

APM supports step-up authentication using per-request policy subroutines. With step-up authentication, the system can authenticate a user at any time during a session. This functionality is useful, for example, when making access to an application generally available for all users, but wanting to limit access to specific areas of the application to a shorter list of authorized users. You can also have the system prompt users for credentials after a configured period of time.

Subroutines can save authenticated credentials in session variables that can be shared between subroutines. In this case, the session variables in the subroutine have to be configured the same as they are in the Assign Credential agent. This agent takes the username and password session variables and stores them as perflow variables for the subsession. So the Assign Credential agent needs to be located in the policy before the subroutine that needs to reuse the credentials.