The following table applies when SOAP uses Cleartext Separate password format
The column Stored Password Proxy Off AND Back-End Auth. Required contains Yes if:
- The Stored Password Proxy feature is not enabled.
- AND back-end authentication is enabled.
In most cases, this does not affect 2-step challenge/response, just when a keyword only is used.
| Logon type | Request method | Stored password proxy off AND back-end authentication required | Input fields required for pre-challenge step | Input fields required for response step |
|---|---|---|---|---|
| Normal logon | Keyword | Yes | Keyword | Password+OTP |
| No | Keyword | OTP | ||
| Password | N/A | Password | OTP | |
| Keyword-Password | N/A | Keyword+Password | OTP | |
| Password-Keyword | N/A | Password+Keyword | OTP | |
| Changed Password | Keyword | N/A | Keyword | Password+OTP |
| Password | N/A | Password | OTP | |
| Keyword-Password | N/A | Keyword+Password | OTP | |
| Password-Keyword | N/A | Password+Keyword | OTP | |
| Self-assignment[1] | N/A | N/A | Password SerialNo (separate parameter)[2] | OTP |
A self-assignment process that uses 2-step challenge/response is always done using the static password. The request method is not applicable until after the authenticator is assigned to the user account.