Scenarios

Various scenarios are provided as examples out-of-the-box. Policies for these scenarios can be configured using a Wizard on the new Scenarios screen. It is available at AAC > Authentication > Scenarios.

There are four potential scenarios that can be configured. The wizard prompts for the required information to generate each policy.

Generic Decision Policy

Prompts the user to choose from a generic list of branches based off the branch name.Example Branching_Generic mapping rule includes:

BranchingHelper.js
state.put("decision", branch);

Overwrites @BRANCHES@ macro

Second Factor Authentication Policy

Prompts the user to choose a second factor method to complete. The list of available second factor methods is based off their enrollments.Example Branching_SecondFactor mapping rule includes:

BranchingHelper.js
state.put("decision", branch);

Username-less Login Policy

Prompts the user to complete QR Code Loginby initially sending them to the QR Code branch with no input. On the QR Code Login page the user can choose to perform FIDO2/WebAuthn username-less or standard username/password authentication instead.Example Branching_Usernameless mapping rule includes:

BranchingHelper.js
state.put("decision", branch);
state.get("wasReset");
state.put("operation", "verify");

MMFA with TOTP Fallback Policy

Similar to Username-less, the user is not offered a choice and is initially prompted to complete Mobile Multi-Factor authentication. While on the MMFA pending page, the user can choose to perform TOTP authentication instead. This policy supports the scenario where a user may not have internet connectivity on their device.Example Branching_MMFAWithTOTP mapping rule includes:

BranchingHelper.js 
state.put("decision", branch);
state.get("wasReset");

Parent topic: Branching Authentication Policies