Create custom authentication with the Access Orchestrator
This topic describes how to create custom authentication with a visual editor called Access Orchestrator enabling you to replicate authentication rules from policy to policy or web app to web app.
You can increase compliance with your organization's Multi-factor Authentication (MFA) policies. Different combinations of authentication challenges produce different Authenticator Assurance level (AAL) scores. Higher scores indicate a more secure combination of challenges. The Access Orchestrator enables you to enforce combinations of challenges. This increases your ability to create complex access flows and MFA profiles with AAL scores that align with best practices recommended in NIST SP 800-63b guidelines.
Before you begin
Review Design report queries based on Authenticator Assurance Level (AAL) to learn more about AAL scoring for different combinations of authentication challenges. You can use this information to plan which authentication challenges you want to use when you create access requests.
Create custom access orchestration
The following topics describe how to create and apply an access orchestration with the Access Orchestrator.
You can create different types of access orchestration that are appropriate for the resources you are trying to secure.
For example, you can create access orchestration where if the first challenge is a memorized secret such as a password, then the second challenge must be either a single-factor cryptographic device, an out-of-band device, or a single-factor OTP device. This results in an AAL score of AAL2. Other options for creation include a custom rule-based access request based on the day of the week, secured zones and more.
You can choose from the following options to create custom access orchestration:
Access orchestration type
The Web App option enables you to create a rule-based access orchestration to launch Web Apps with the use of logic and authentication profiles.
The User Portal option enables you to create a rule-based access orchestration to apply to the login process with the use of logic and authentication profiles.
The Authentication option enables you to create an authentication profile to achieve a desired compliance level with the use of challenges and logic.
In this section: