VIP AuthHub - how can AuthHub challenge user with a specific MFA challenge based on user type within a ZFP flow
search cancel

VIP AuthHub - how can AuthHub challenge user with a specific MFA challenge based on user type within a ZFP flow

book

Article ID: 380046

calendar_today

Updated On:

Products

VIP Authentication Hub

Issue/Introduction

Use case as follows 

-  ZFP integration between SiteMinder and VIP Auth Hub.

- user can get authenticated in siteminder in 3 different types.

- use case is to trigger specific MFA challenge by user type for example for user1 trigger OTP_SMS, for user2 trigger IDP MFA. etc. 

Environment

All AuthHub Releases 

Resolution

This can be done by setting up authn policy using user attribute expressions builder.  


If the attributes are mutually exclusive, setup a rule per condition in one policy, or you can do policy/rule per condition.


Please see guide for how to setup the Auth Policy with Expressions --> https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/vip-authentication-hub/3-2/Admin-Console/Admin-Console-Policies/adminconsole-authentication-policy.html


Also following the Link for the Expressions Supported in Authentication Policies --> https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/vip-authentication-hub/3-2/Using/Management-APIs/PolicyManagement/expressions-supported-in-authentication-hub-policies.html