- 28 Oct 2024
- 1 Minute à lire
- SombreLumière
Use Case Scenario: Login with Step-Up Authentication
- Mis à jour le 28 Oct 2024
- 1 Minute à lire
- SombreLumière
Involved OneSpan solutions:
Intelligent Adaptive Authentication
Mobile Security Suite
Workflow tree in Access Manager:
About this scenario
This scenario occurs after creating a new account on the MyBank page and simulates a login with a changed browser environment. Because in this case, Intelligent Adaptive Authentication considers this a high-risk action, additional user authentication is required for a successful login.
Before you begin
Before you can begin this scenario, you must have completed Use case scenario: Registration.
Walkthrough: Login step-up authentication
To log in with step-up authentication
After the user registration process has completed, click Sign-out to leave your Account page and return to the MyBank page.
Inspect the information panel on the MyBank page. The fingerprint value is default.
Click the Settings icon in the main toolbar.
In the TrustedIDentity tab, type a different PC fingerprint value. You can also click the Generate button to create a random fingerprint value.
Click Save to apply the change and close the Settings dialog.
Inspect the information panel on the OneSpan for ForgeRock Demo website. The fingerprint value has now changed to the specified value.
On the MyBank page, click Login.
Intelligent Adaptive Authentication assesses the risk of this action. Because the browser fingerprint has changed, step-up authentication is required and the Login dialog is displayed.
Type your user name and click Submit.
On your mobile device, tap Yes to confirm that you want to authenticate.
If required, type your PIN to complete the login process.
To view the tree in Access Manager
From the ForgeRock Landing Service, open the Access Manager.
If required, log in with the credentials that are displayed when hovering over the Access Manager link on the ForgeRock Landing Service.
Click Top Level Realm.
Select Authentication > Trees from the sidebar menu.
Click OneSpanUserLoginTree and view the individual nodes of the workflow.
You can also modify the workflow by adding and connecting tree nodes as needed.
For a list of available OneSpan trees and nodes, see Overview of OneSpan authentication trees and nodes.
Additional considerations
The PIN defined for the OneSpan TID IAA Mobile Demo App is known by the device only and not shared with the server.
Next steps
After completing this scenario, you can continue with Use case scenario: Event validation.