Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Title

Description

File

Standard Username and Password Authentication

The user has not opted into passwordless authentication, and the service provider only requires password authentication. This demonstrates a standard, basic, username and password flow.

not-opted-in-requires-single-factor.mov

Opt-In To Passwordless Authentication

The service provider requires multi-factor authentication, the user performs multi-factor with Duo and uses a second factor that is acceptable for passwordless. The user opts-in to passwordless and uses that as the sole factor on the next authentication.

not-opted-in-requires-mfa-uses-correct-factor-and-opts-in.mov

Unable To Opt-In to Passwordless Authentication

The service provider requires multi-factor authentication, the user performs multi-factor with Duo but uses a second factor that is unacceptable for passwordless. The user can not user use passwordless for subsequent authentications.

opted-in-requires-mfa-not-eligble-for-passwordless-wrong-factor.mov

Opt-In To Passwordless, But Then Uses an Unacceptable Factor For Passwordless

The service provider requires multi-factor authentication, the user performs multi-factor with Duo and uses a second factor that is acceptable for passwordless. Opts-in to passwordless. However, for the subsequent passwordless authentication they change to an unacceptable sole factor. The login fails.

opted-in-but-used-unacceptable-factor.mov

Already Opted-In To Passwordless, But Chooses The Password Flow

The user has previously opted-in to passwordless authentication but decides to use username and password authentication instead.

opted-in-chooses-username-password-flow.mov

A Different User Using the Same Browser Opted-In

A different user, using the same browser, opted-in to passwordless authentication. The current user recognises it is not them (and their credentials would not work) and uses the ‘Not You’ link.

different-user-opted-in.mov

Administrative Flow for User Control Of Opt-In Status

The user signs into the administrative endpoint to manage their passwordless opt-in status (cookie)

admin-flow-user.mov

Administrative Flow for Admin User Control Of Opt-In Status and Username

A user, with administrative rights, signs into the administrative endpoint to manage both their passwordless opt-in status (cookie) and the username stored inside the cookie.

admin-flow-administrator.mov

Duo Integration Considerations

...