Predefined authentication policies

Authentication policies are workflows. They specify the authentication mechanisms that are required so the user can access a resource.

Each step in the workflow consists of an authentication mechanism. Each mechanism has requirements with which the user must comply to successfully authenticate. Most authentication policies require the user to present some credentials, but some requirements can be completed without any user action. The following table describes the predefined authentication policies:

| Policy | The user authenticates |
| --- | --- |
| Consent Register Device | When prompted for consent to register a device. Optionally, the user can assign a name to the device to be registered. |
| Email One-Time Password | With a one-time password that is delivered by email. The one-time password value is generated and verified with the MAC one-time password provider. |
| HOTP One-Time Password | With a counter-based, one-time password. No one-time password delivery is required. The one-time password value is verified with the HOTP one-time password provider. |
| One-Time Password | With a one-time password. The user is prompted for the type of one-time password to use. |
| RSA One-Time Password | With an RSA one-time password. No one-time password delivery is required. The one-time password value is verified with the RSA one-time password provider. The RSA one-time password provider uses the RSA Authentication Manager. |
| MAC One-Time Password | With a MAC one-time password. The user is prompted for a password delivery method. |
| SMS One-Time Password | With a one-time password that is delivered by SMS. The one-time password value is generated and verified with the MAC one-time password provider. |
| TOTP One-Time Password | With a time-based one-time password. No one-time password delivery is required. The one-time password value is verified with the TOTP one-time password provider. |
| Username Password | With a user name and password. |
| Two-factor - Username Password and HOTP | With a user name and password and an HOTP one-time password. |
| Two-factor - Username Password and MAC | With a user name and password and a MAC one-time password. |
| Two-factor - Username Password and RSA | With a user name and password and an RSA one-time password. |
| Two-factor - Username Password and TOTP | With a user name and password and a TOTP one-time password. |
| Two-factor - Username Password and OTP | With a user name and password and a MAC one-time password. The user is prompted to select the type of one-time password to use. |
| Two-factor - Username Password and Email | With a user name and password and a MAC one-time password. The one-time password is delivered through email. |
| Two-factor - Username Password and SMS | With a user name and password and a MAC one-time password. The one-time password is delivered through SMS. |
| End-User License Agreement | With the End-User License Agreement. |
| Two factor - Username Password and End-User License Agreement | With a user name and password and the End-User License Agreement. |
| Knowledge Questions | With knowledge questions. |
| Two-factor - Username Password and Knowledge Questions | With both of the following: user name and password; knowledge questions. |
| FIDO Universal 2nd Factor | With a registered FIDO Universal 2nd Factor token. |
