Overview: Step-up Authentication

Quick Definition

Step-up Authentication is an additional step in a login or authentication workflow in which a user is asked to provide additional confirmation of their identity. Step-up authentication is generally used when the results of an initial authentication attempt are either uncertain or rejected, and provides a further opportunity for the user to prove their identity using an identity factor that they have not yet provided.

For example, if a user logging in to a Plurilock ADAPT-enabled workflow is able to provide the correct username and password, yet their identity score falls slightly below the configured threshold for a positive decision, they may be prompted to provide step-up authentication in the form of an SMS code or an email link click. If they are able to provide this further proof of their identity, they may then be logged in.

Step-up authentication enables administrators to manage boundary cases in authentication without the need for manual intervention and without the need to unnecessarily exclude legitimate users. Less positively, however, step-up authentication represents an additional workflow step that may drive user frustration or harm user productivity. This drawback is a key factor in the adoption of Plurilock products, which reduce instances of step-up authentication by over 90 percent.