The following table provides information about the availability of JSP-Loginapp features in the Loginapp REST UI and high-level migration hints (where available).
Information about the availability of upcoming releases is indicative and subject to change.
Please note the additional information on discontinued functions (see link below).
Version information about features not yet available will be updated or clarified as soon as known.
Note that the specified release versions are indicative and subject to change.
The following notation is used to indicate release versions (examples):
- ●7.7: planned for IAM 7.7
- ●> 7.7: planned for an IAM release after 7.7
- ●>= 7.7: planned for IAM 7.7 or later
2-factor authentication (Main and Meta Authenticator)
Feature | Version | Description and migration hints |
Combination of 1st and second factors (Main and Meta Authenticator) | 7.1 | Combination of 1st and second authentication factors. Migration hint Combine corresponding authentication steps in the authentication flow. Examples:
|
User selects 2nd factor | 7.1 | If multiple available, the user selects 2nd factor. Migration hint Use the Selection Step in the authentication flow. If more than one selection option is available (depending on the configured conditions) or if the property Auto Select Only Option is disabled, the end-user has to choose the option to use. |
Remember last user selection | 7.3 | Remember the option selected by the user and store this information. The stored selected option is checked when the end-user is asked to choose an option the next time. Migration hint Use the property Last Selection Repository in the Selection Step. |
Auth method selects 2nd factor | 7.1 | The authentication method stored in the user repository chooses the 2nd authentication factor. Migration hint Use the Selection Step in combination with the Active Authentication Method condition. |
Stealth mode | 7.3 | Do not give away information about which factor failed and protect against user name enumeration. Migration hint Use the check box Prevent User Enumeration in the Authentication Flow. The Loginapp REST UI only supports username enumeration protection. There is no more simulation of second factors. |
Credential-based 2nd-factor selection | 7.3 | By entering a configured keyword (e.g. SMS) instead of an OTP token, the end-user can change the 2nd factor during the login process. Migration hint Switching to different authentication steps can be achieved by displaying buttons (with goto-targets in the REST API) in conjunction with selection. Example with two 2nd factors:
Note that both involved authentication steps must have a Step ID configured. |
Role-based 2nd-factor selection | 7.3 | The end user's set of roles determines the selection the second factor Migration hint Use the Role-Based Tag Acquisition Step to convert roles to tags (if required). In the Selection Step use the Has Tag condition to select the corresponding 2nd-factor flow. |
Display last login timestamp (AI-13510) | 7.5 | Display timestamp of last login after the first authentication step. Migration hint Enable the feature in the authentication flow's Default Authentication Processor. If using the Custom Flow Processors plugin instead, add the plugin Latest Authentication Feedback Processor to enable the feature. |
Various
Feature | Version | Description and migration hints |
Step-up authentication | 7.1 | Ask only for 2nd factor if a previous authentication process already verified the first factor. Migration hint Use two separate Authentication Flows (in different Target Applications): one with weak and one with strong authentication. Issue a tag after successful weak authentication (e.g. PASSWORD_VERIFIED). In the strong authentication flow, use this tag as a skip condition for the first authentication step. |
Risk-based authentication (AI-13514) | 7.7 | Omit 2nd authentication factor based on a risk assessment of the user session. |
Remember-me (AI-13101) | 7.6 | Remember-me ("stay logged in") checkbox on login page. The end-user may also choose to log out of all other browsers at the same time. |
Fallback Authenticator (AI-13512) | on request only | Fall back to an alternative authentication method if the first method fails. |
User-based authentication selection (AI-13513) | on request only | Authenticator plugin is chosen based on the username (pattern matching) at beginning of authentication. |