Combination of 1st and second factors (Main and Meta Authenticator) | | Combination of 1st and second authentication factors. Migration hint Combine corresponding authentication steps in the authentication flow. Examples: - Username Password Authentication Step as the first authentication flow step.
- Airlock 2FA Step for Authentication as the second authentication flow step.
- Mandatory Password Change Step as the third authentication flow step.
|
| | If multiple available, the user selects 2nd factor. Migration hint Use the Selection Step in the authentication flow. If more than one selection option is available (depending on the configured conditions) or if the property Auto Select Only Option is disabled, the end-user has to choose the option to use. |
Remember last user selection | | Remember the option selected by the user and store this information. The stored selected option is checked when the end-user is asked to choose an option the next time. Migration hint Use the property Last Selection Repository in the Selection Step. |
Auth method selects 2nd factor | | The authentication method stored in the user repository chooses the 2nd authentication factor. Migration hint Use the Selection Step in combination with the Active Authentication Method condition. |
| | Do not give away information about which factor failed and protect against user name enumeration. Migration hint Use the check box Prevent User Enumeration in the Authentication Flow. The Loginapp REST UI only supports username enumeration protection. There is no more simulation of second factors. |
Credential-based 2nd-factor selection | | By entering a configured keyword (e.g. SMS) instead of an OTP token, the end-user can change the 2nd factor during the login process. Migration hint Switching to different authentication steps can be achieved by displaying buttons (with goto-targets in the REST API) in conjunction with selection. Example with two 2nd factors: - Use the Selection Step with multiple 2nd factors.
- Use the condition Always Selectable for the default 2nd factor.
- Use the Logical NOT condition with the Always Selectable condition for the other 2nd factor.
- In the default second factor's first authentication step, configure an Interactive Goto Target pointing to the first authentication step of the other selection option.
Note that both involved authentication steps must have a Step ID configured. |
Role-based 2nd-factor selection | | The end user's set of roles determines the selection the second factor Migration hint Use the Role-Based Tag Acquisition Step to convert roles to tags (if required). In the Selection Step use the Has Tag condition to select the corresponding 2nd-factor flow. |
Display last login timestamp (AI-13510) | | Display timestamp of last login after the first authentication step. Migration hint Enable the feature in the authentication flow's Default Authentication Processor. If using the Custom Flow Processors plugin instead, add the plugin Latest Authentication Feedback Processor to enable the feature. |