...
Title | Description | File |
---|---|---|
Standard Username and Password Authentication | The user has not opted into passwordless authentication, and the service provider only requires password authentication. This demonstrates a standard, basic, username and password flow. | |
Opt-In To Passwordless Authentication | The service provider requires multi-factor authentication, the user performs multi-factor with Duo and uses a second factor that is acceptable for passwordless. The user opts-in to passwordless and uses that as the sole factor on the next authentication. | not-opted-in-requires-mfa-uses-correct-factor-and-opts-in.mov |
Unable To Opt-In to Passwordless Authentication | The service provider requires multi-factor authentication, the user performs multi-factor with Duo but uses a second factor that is unacceptable for passwordless. The user can not user use passwordless for subsequent authentications. | opted-in-requires-mfa-not-eligble-for-passwordless-wrong-factor.mov |
Opt-In To Passwordless, But Then Uses an Unacceptable Factor For Passwordless | The service provider requires multi-factor authentication, the user performs multi-factor with Duo and uses a second factor that is acceptable for passwordless. Opts-in to passwordless. However, for the subsequent passwordless authentication they change to an unacceptable sole factor. The login fails. | |
Already Opted-In To Passwordless, But Chooses The Password Flow | The user has previously opted-in to passwordless authentication but decides to use username and password authentication instead. | |
A Different User Using the Same Browser Opted-In | A different user, using the same browser, opted-in to passwordless authentication. The current user recognises it is not them (and their credentials would not work) and uses the ‘Not You’ link. | |
Administrative Flow for User Control Of Opt-In Status | The user signs into the administrative endpoint to manage their passwordless opt-in status (cookie) | |
Administrative Flow for Admin User Control Of Opt-In Status and Username | A user, with administrative rights, signs into the administrative endpoint to manage both their passwordless opt-in status (cookie) and the username stored inside the cookie. |
Duo Integration Considerations
...