Authentication Service
The authentication service is responsible for secure and reliable user authentication. It is designed to support the following core features:
1. User Authentication Methods
The service supports various authentication methods that can be configured according to your application's security policies. These methods include:
Password-based
Passkeys
Authenticator Apps
Voice-based Authentication
SMS-based Authentication
Email-based Authentication
Each authentication method can be enabled or disabled based on the organization's security requirements.
Example: You might configure the system to require SMS-based authentication for all users, while enabling email-based authentication for password recovery.
User Authentication Sessions define the duration for which all activities within the session remain valid, that is, how long a user remains logged in without needing to authenticate again. Factors such as switching countries, changing networks, using a new device, altering geographic location, or prolonged inactivity can influence session validity. Session length can be customized to enhance security and user convenience:
Short-lived sessions (e.g., 1 day): Automatically log out users after a short period, ideal for high-security environments.
Medium-lived sessions (e.g., 7 days): Retain sessions for a week, reducing the frequency of logins while maintaining security.
Persistent sessions: Users remain logged in until they explicitly log out, ideal for environments where convenience is prioritized over strict security.
Example: For a banking app, you may choose to set short-lived sessions (1 day) for extra security, while for an internal company portal, 7-day sessions might be more appropriate.
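The session rules above can be expressed as a small validity check. This is an added example, not code from the authentication service: the names (`POLICIES`, `Context`, `Session`, `evaluate`), the idle limits, and the choice to treat any change of country, network or device as invalidating the session are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# policy -> (maximum lifetime, idle limit); None means no limit.
# Lifetimes follow the page (1 day, 7 days, persistent); idle limits are constructed values.
POLICIES = {
    "short": (timedelta(days=1), timedelta(minutes=15)),
    "medium": (timedelta(days=7), timedelta(hours=12)),
    "persistent": (None, None),
}

@dataclass(frozen=True)
class Context:
    country: str
    network: str      # hypothetical network identifier, e.g. an ASN
    device_id: str

@dataclass
class Session:
    policy: str
    created: datetime
    last_seen: datetime
    context: Context  # context captured when the user authenticated
    logged_out: bool = False

def evaluate(session: Session, now: datetime, current: Context):
    """Return (valid, reason); an invalid session means the user must authenticate again."""
    if session.logged_out:
        return False, "logged_out"
    max_age, idle_limit = POLICIES[session.policy]
    if max_age is not None and now - session.created >= max_age:
        return False, "lifetime_expired"
    if idle_limit is not None and now - session.last_seen >= idle_limit:
        return False, "inactive"
    # Assumption: any change in these signals invalidates the session,
    # including a persistent one.
    for field in ("country", "network", "device_id"):
        if getattr(current, field) != getattr(session.context, field):
            return False, f"{field}_changed"
    return True, "ok"
```

A caller would update `last_seen` after each request that `evaluate` accepts, so the idle limit measures time since the last valid activity.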
Authentication Assurance Levels: MFA? Biometrics? What do you want here? Do you want the user to log in every time, or enable SSO?
Step-Up Authentication: Triggerable on assertions per relying party application. Sometimes you need MFA, sometimes not.
Security: How often is the username allowed to be triggered? 5 times?