Step-up authentication

We can use protected object policies (POPs) to enforce certain access conditions on specific resources. The authentication strength policy makes it possible to control access to objects based on authentication method.

We can use this functionality, sometimes known as step-up authentication, to ensure that users who access more sensitive resources use a stronger authentication mechanism. We might want this condition because of the greater threat of improper access to certain resources.

For example, we can provide greater security to a junctioned region of the protected object space. Apply a step-up POP policy that requires a stronger level of authentication than the client used when initially entering the domain.

The authentication strength policy is set in the IP endpoint authentication method attribute of a POP policy.

Parent topic: Protected object policy management