Configuration of required roles in target applications

• Config Editor location:
• MAIN SETTINGS  > Application Settings
• or: Login Application >  Application Settings

For the applications accessible after Step-Up, at least the property Required Roles must be defined:

When accessing the corresponding target application, the login application checks if the user has at least one of the configured role(s).

If not, the Step-Up rules in the authentication settings are consulted in order to find a way that may result in the missing role (see below).

To enable application-triggered step-up for the target application, use the configuration property URL-triggered Step-Up Roles (in the Advanced Settings group).

To trigger the step-up process from an application, the application must redirect the browser to the following URL

https://<domain>/<iam-path>/check-login?stepup=true&Location=<back-redirect-address>

The <back-redirect-address> must match the Allowed Urls in the Target Application.