End User Enrollment for Advanced Authentication

Advanced Authentication Service › Getting Started with Advanced Authentication › Advanced Authentication Flows › End User Enrollment for Advanced Authentication

End User Enrollment for Advanced Authentication

If an application or resource is protected using advanced authentication credentials, an end user who accesses the resource for the first time is prompted to enroll for the credentials. However, only existing users, that is, registered CA CloudMinder users, are prompted for advanced authentication credential enrollment.

The advanced authentication credential enrollment process for an end user is as follows:

On the login page for the resource, the end user is prompted for their user name and LDAP password.
If authentication is successful, the end user is prompted for the following information:
- Email ID and phone number to verify the end user's identity.
- (For ArcotID PKI only) Whether to trust the end user's device. If this option is selected, then the ArcotID PKI credential is downloaded to the device.
- (For ArcotID OTP only) A PIN to be used during ArcotID OTP authentication.

The end user can now access the protected resource by providing the user name and LDAP password (or OTP if ArcotID OTP is used for authentication). In addition to the user name and password or OTP, the Advanced Authentication service also verifies the ArcotID PKI or ArcotID OTP credential.

The detailed authentication flows are described in the sections that follow.