Authentication flow

Authentication flow

One of the Cloud Identity JavaScript mapping rules provided out of the box is the Authentication rule, which operates at a high level as follows.

Action Result

Empty or "initiate" Produce a landing page with all authentication methods listed such the user can choose which method they would like to perform authentication with.

"chooseMethod" Create a transaction (if required) and return a page relevant to the chosen method. Waiting page for IBM Verify, OTP input page for SMS/Email/Time-Based OTP, and OTP delivery detail input page for Transient Email/SMS.

"submitTransient" Create a transient transaction with the given OTP delivery detail. Returns a OTP input page.

"verifyOTP" Send the OTP to Cloud Identity for verification. If the verification succeeds, progress to the next step in the policy. If verification fails, display an error to the user.

"checkVerify" Check the status of the IBM Verify transaction. If the transaction was successful progress to the next step in the policy, otherwise display an error to the user.

Several parameters can be modified at the beginning of the mapping rule to control different behavior:

Variable Affect Affect

otpCorrelation Correlation to use in SMS and Email OTP transactions. "Verify Access verification"

enabledMethods The type of methods to display to a user, if enrolled. ["Verify", "SMSOTP" "EmailOTP", "TOTP", "TransientEmail", "TransientSMS"]

verifyTransactionMessage The transaction message to send when creating Verify transactions. "You have a pending authentication challenge."

expandVerifyMethods A boolean indicating whether all available Verify methods should be displayed to the user, or only one (which is the highest priority in verifyMethodPriority). false

verifyMethodPriority Priority of Verify methods to display if expandVerifyMethods is false. ["face", "iris", "retina", "eye", "fingerprint", "userpresence"]

jitMethodEnrollment A boolean indicating whether to redirect to the USC flow if no enrollments are found. false

Parent topic: Cloud Identity API Integration

Action	Result
Empty or "initiate"	Produce a landing page with all authentication methods listed such the user can choose which method they would like to perform authentication with.
"chooseMethod"	Create a transaction (if required) and return a page relevant to the chosen method. Waiting page for IBM Verify, OTP input page for SMS/Email/Time-Based OTP, and OTP delivery detail input page for Transient Email/SMS.
"submitTransient"	Create a transient transaction with the given OTP delivery detail. Returns a OTP input page.
"verifyOTP"	Send the OTP to Cloud Identity for verification. If the verification succeeds, progress to the next step in the policy. If verification fails, display an error to the user.
"checkVerify"	Check the status of the IBM Verify transaction. If the transaction was successful progress to the next step in the policy, otherwise display an error to the user.

Variable	Affect	Affect
otpCorrelation	Correlation to use in SMS and Email OTP transactions.	"Verify Access verification"
enabledMethods	The type of methods to display to a user, if enrolled.	["Verify", "SMSOTP" "EmailOTP", "TOTP", "TransientEmail", "TransientSMS"]
verifyTransactionMessage	The transaction message to send when creating Verify transactions.	"You have a pending authentication challenge."
expandVerifyMethods	A boolean indicating whether all available Verify methods should be displayed to the user, or only one (which is the highest priority in verifyMethodPriority).	false
verifyMethodPriority	Priority of Verify methods to display if expandVerifyMethods is false.	["face", "iris", "retina", "eye", "fingerprint", "userpresence"]
jitMethodEnrollment	A boolean indicating whether to redirect to the USC flow if no enrollments are found.	false