Advanced Authentication Service › Getting Started with Advanced Authentication › Information Required to Configure the Advanced Authentication Service › Selected Credential Types and Authentication Flows

Selected Credential Types and Authentication Flows

As a first step, the tenant must decide on the types of credentials and flows to be enabled to protect different applications and resources.

A hosting administrator would require the following information from the tenant:

• Primary credential types to be enabled. The available options are as follows:
  • ArcotID PKI
  • ArcotID OTP
  • Risk Evaluation
  • Security Code
• Advanced Authentication flows to be enabled, and the secondary authentication mechanisms to be enabled for each flow. A tenant can use multiple secondary authentication mechanisms for a flow.

  The available flows are as follows:

  • ArcotID PKI Only
  • ArcotID PKI with Risk
  • ArcotID OTP Only
  • ArcotID OTP with Risk

  The available secondary authentication mechanisms are as follows:

  • Security Question
  • Security Code over Email
  • Security Code over SMS
  • Security Code over Voice

  In addition to selecting the mechanisms, the tenant can also specify whether two-step authentication must be enforced for a particular scenario.

  As secondary authentication is typically invoked when performing sensitive tasks, it is recommended that a combination of these authentication mechanisms be chained together for enhanced security.

  Note: For information about the Security Question mechanism (question and answer pairs), see CA IdentityMinder documentation.