The Secret Security Wiki


Step Up Authentication

Step up authentication is the process by which a user is challenged to produce additional forms of authentication to provide a higher level of assurance that he is in fact who he claims to be. Step up authentication is typically implemented as part of an adaptive authentication scheme that seeks to match the risk level of the request with the assurance level of the authentication. For example, a user asking to transfer a large sum of money may be challenged with step-up authentication to produce a one-time passcode to complete the request.

  • What is the difference between step up authentication and multi factor authentication?

    Step up authentication is the process by which the user is challenged to produce additional forms of authentication. Multi-factor authentication is when a user is asked to produce multiple forms of authentication to provide a higher level of assurance. Step-up authentication therefore utilizes multi-factor authentication.

  • How is SSO affected by step up authentication?

    An SSO system may require step up authentication in situations where it is asked to provide access to a resource that is determined to be very sensitive. For example, if a user tries to access a sensitive database, then the SSO system may trigger a step-up authentication to obtain a higher assurance level for the identity of the user requesting access.

  • Is step up authentication a form of adaptive authentication?

    Step up authentication is when a user is challenged to produce an additional form of authentication, typically in the context of an adaptive authentication solution. When the adaptive authentication logic determines that there is a need for an additional form of authentication, it triggers a step-up authentication.

  • Are there different methods for step up authentication?

    Step up authentication can include any number of authentication methods, including MFA, one-time code over SMS, knowledge-based authentication (KBA), biometrics, etc.
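
The decision described above, matching the risk of a request to the assurance level of the session, can be sketched as follows. This is an added example, not code from the wiki or any product: the policy table, level numbers, transfer threshold, freshness windows and the names `Session` and `authorize` are all assumptions made for illustration. It also covers a case the text does not spell out: a step-up that was completed too long ago no longer counts.

```python
from dataclasses import dataclass, field

# Constructed policy (assumption): action -> (required assurance level,
# max age in seconds of the authentication that proved that level).
# Level 1 = password login, level 2 = password plus one-time passcode.
POLICY = {
    "view_balance": (1, 8 * 3600),
    "transfer": (1, 8 * 3600),
    "large_transfer": (2, 300),
    "sensitive_database": (2, 900),
}
LARGE_TRANSFER_LIMIT = 10_000  # constructed threshold


@dataclass
class Session:
    user: str
    proven_at: dict = field(default_factory=dict)  # level -> time last proven

    def record_auth(self, level: int, now: float) -> None:
        # Proving a higher level also refreshes every lower level.
        for lvl in range(1, level + 1):
            self.proven_at[lvl] = now


def authorize(session: Session, action: str, now: float, amount: float = 0) -> str:
    """Return 'allow', 'step_up' or 'deny' for one request."""
    if action == "transfer" and amount >= LARGE_TRANSFER_LIMIT:
        action = "large_transfer"  # risk of the request raises the requirement
    if action not in POLICY:
        return "deny"  # fail closed on actions the policy does not cover
    if 1 not in session.proven_at:
        return "deny"  # no primary login at all, so there is nothing to step up
    required, max_age = POLICY[action]
    proven = session.proven_at.get(required)
    if proven is None or now - proven > max_age:
        return "step_up"  # challenge at the required level, then retry
    return "allow"


if __name__ == "__main__":
    s = Session("alice")
    s.record_auth(1, now=0)                                   # password login
    print(authorize(s, "transfer", now=60, amount=50))        # allow
    print(authorize(s, "transfer", now=60, amount=25_000))    # step_up
    s.record_auth(2, now=70)                                  # passcode verified
    print(authorize(s, "transfer", now=80, amount=25_000))    # allow
    print(authorize(s, "transfer", now=1000, amount=25_000))  # step_up
```

The last call returns `step_up` because the passcode was verified more than 300 seconds earlier, so a session cannot keep an elevated level indefinitely after one challenge.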