Configuration of required roles in target applications

  • Config Editor location: MAIN SETTINGS > Application Settings
  • or: Login Application > Application Settings

For the applications accessible after Step-Up, at least the property Required Roles must be defined.

When a user accesses the corresponding target application, the login application checks whether the user has at least one of the configured roles.

If not, the Step-Up rules in the authentication settings are consulted to find an authentication step that can grant the missing role (see below).

Application-triggered step-up

To enable application-triggered step-up for the target application, use the configuration property URL-triggered Step-Up Roles (in the Advanced Settings group).

To trigger the step-up process from an application, the application must redirect the browser to the following URL:

https://<domain>/<iam-path>/check-login?stepup=true&Location=<back-redirect-address>

The <back-redirect-address> must match the Allowed Urls in the Target Application.
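
Added example (not part of the original documentation and not the product's own code): a helper a target application could use to build the step-up redirect shown above, percent-encoding the back-redirect address so that its own query string survives inside the Location parameter. The domain, IAM path, allow-list entries and the origin-plus-path-prefix matching are assumptions made for illustration; the authoritative check is the Allowed Urls setting of the target application.

```python
from urllib.parse import urlencode, urlsplit

# Constructed sample values; replace with the values of your deployment.
IAM_DOMAIN = "iam.example.com"
IAM_PATH = "auth"
# Hypothetical local mirror of the target application's Allowed Urls.
# Assumption: each entry is treated here as an origin plus a path prefix.
ALLOWED_BACK_URLS = ["https://app.example.com/portal/"]


def is_allowed_back_url(back_url, allowed=ALLOWED_BACK_URLS):
    """Return True if back_url is an absolute https URL under an allowed prefix."""
    try:
        target = urlsplit(back_url)
        port = target.port          # raises ValueError on a malformed port
    except ValueError:
        return False
    if target.scheme != "https" or not target.hostname:
        return False                # relative, scheme-less or non-https address
    if target.username or target.password:
        return False                # no embedded credentials in the address
    if ".." in target.path.split("/"):
        return False                # dot segments could leave the allowed prefix
    for entry in allowed:
        ref = urlsplit(entry)
        if (target.hostname == ref.hostname and port == ref.port
                and target.path.startswith(ref.path)):
            return True
    return False


def build_stepup_url(back_url, domain=IAM_DOMAIN, iam_path=IAM_PATH):
    """Build the check-login step-up URL with a percent-encoded Location."""
    if not is_allowed_back_url(back_url):
        raise ValueError("back-redirect address is not in the allowed list")
    # urlencode escapes '&', '=' and '?' inside back_url, so the address is
    # passed as one parameter value instead of being split at its first '&'.
    query = urlencode({"stepup": "true", "Location": back_url})
    return f"https://{domain}/{iam_path}/check-login?{query}"


if __name__ == "__main__":
    print(build_stepup_url("https://app.example.com/portal/orders?id=7&view=full"))
```

Checking the address locally before redirecting lets the application fail early with a clear error; it does not replace the Allowed Urls check performed for the target application.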