factor / factor_detail
7.4.5.2.2.2. Reporting log attribute: Factor and factor_detail
factor
Description
factor_detail
Description
certificate
Authentication factors based on X.509 certificates and PKI infrastructure.
No factor details are provided for X.509 certificate authentication.
cram
cram = Challenge-Response Authentication Mechanism (e.g. https://csrc.nist.gov/glossary/term/CRAM)
Authentication factors based on challenge-response mechanisms where the user must take some action to either calculate or approve the calculation of a response.
airlock_2fa_one_touch
One-Touch (Push) authentication with Airlock 2FA.
airlock_2fa_mobile_only
Airlock 2FA authentication involving only a mobile device.
airlock_2fa_qr_code
Airlock 2FA authentication using a QR code.
cronto
A technology provided by OneSpan (Vasco)
kobil_ast
A technology provided by Kobil
matrixcard
Also known as "scratch list"
mobile_id
A technology using a key storage in the mobile phone
otp
otp = One Time Password
Authentication factors based on one time passwords where the user must receive and return the one time password. This may involve hardware tokens or multiple communication channels.
airlock_2fa_passcode
Passcode authentication with Airlock 2FA
digipass
A technology provided by OneSpan (Vasco)
email
An OTP sent by email
mtan
An OTP sent to a mobile phone
oath
A TOTP calculated on a smartphone using an App
radius
An implementation of the RADIUS protocol. 
secur_id
A technology provided by RSA
password
Authentication factors based on knowledge: username/password, username/PIN, secret questions
No factor details are provided for password authentication
preauth
States that the user cannot be authenticated using Airlock 2FA (before an actual factor is chosen).
airlock_2fa
May occur in the following scenarios:
  • The Airlock 2FA account is locked in the Futurae cloud.
  • The user has no enrolled Airlock 2FA tokens.
token
Authentication factors based on tokens or tickets where the client must present a (bearer-) token to prove his authorization to act on behalf of the user.
iak
A method using an initial activation key (e.g. activation letter)
kerberos
A method implementing the kerberos protocol
oauth2
A method implementing the OAuth 2.0 specification
saml
A method implementing the SAML 2.0 specification

Availability of authentication data

Authentication processes will provide factor information for the reporting logs if their components have been enhanced to produce such metadata. More specifically, authentication flow steps must return AuthenticationStepResults (REST engine) and AuthenticationResults must contain AuthenticationFactorInfo with AuthenticationFactorInfoItems (classic engine). IAM product components already provide such metadata. In order to benefit from detailed reporting data, custom components should also be enhanced to provide such metadata.