Reporting log attribute: Factor and factor_detail

factor

Description

factor_detail

Description

certificate

Authentication factors based on X.509 certificates and PKI infrastructure.

No factor details are provided for X.509 certificate authentication.

cram

cram = Challenge-Response Authentication Mechanism (e.g. https://csrc.nist.gov/glossary/term/CRAM)

Authentication factors based on challenge-response mechanisms where the user must take some action to either calculate or approve the calculation of a response.

airlock_2fa_one_touch

One-Touch (Push) authentication with Airlock 2FA.

airlock_2fa_mobile_only

Airlock 2FA authentication involving only a mobile device.

airlock_2fa_qr_code

Airlock 2FA authentication using a QR code.

cronto

A technology provided by OneSpan (Vasco)

matrixcard

Also known as "scratch list"

otp

otp = One Time Password

Authentication factors based on one time passwords where the user must receive and return the one time password. This may involve hardware tokens or multiple communication channels.

airlock_2fa_passcode

Passcode authentication with Airlock 2FA

digipass

A technology provided by OneSpan (Vasco)

email

An OTP sent by email

mtan

An OTP sent to a mobile phone

oath

A TOTP calculated on a smartphone using an App

radius

An implementation of the RADIUS protocol. 

password

Authentication factors based on knowledge: username/password, username/PIN, secret questions

No factor details are provided for username password authentication

preauth

States that the user cannot be authenticated using Airlock 2FA (before an actual factor is chosen).

airlock_2fa

May occur in the following scenarios:

  • The Airlock 2FA account is locked in the Futurae cloud.
  • The user has no enrolled Airlock 2FA tokens.

token

Authentication factors based on tokens or tickets where the client must present a (bearer-) token to prove his authorization to act on behalf of the user.

iak

A method using an initial activation key (e.g. activation letter)

kerberos

A method implementing the kerberos protocol

oauth2

A method implementing the OAuth 2.0 specification

saml

A method implementing the SAML 2.0 specification

Availability of authentication data

Authentication processes will provide factor information for the reporting logs if their components have been enhanced to produce such metadata. More specifically, authentication flow steps must return AuthenticationStepResults (REST engine) and AuthenticationResults must contain AuthenticationFactorInfo with AuthenticationFactorInfoItems (classic engine). IAM product components already provide such metadata. In order to benefit from detailed reporting data, custom components should also be enhanced to provide such metadata.