This feature allows authentication requirements to vary depending on the context of the authentication request. Customers can configure a Contextual Authentication Policy that skips the authentication requirement when certain Contextual Authentication Rules are met, so that a password and/or one-time passcode is only required in high risk situations.
Contextual Authentication Conditions can check for Trusted Network and or for Known Device. The Trusted Network condition is based on determination of the IP address of the connecting user and whether that address falls inside a configurable set of trusted IP address ranges. The Known Device rule is based on the determination of whether the user previously authenticated from the same browser-device pair within a configurable time window.
Context Based Authentication is being introduced for SAML authentication only in SafeNet Authentication Service Cloud Edition.
Enhanced User Login for SAML
A new optional user experience for SAML authentication has been enabled in SafeNet Authentication Service Cloud Edition, referred to as Enhanced User Login for SAML. This includes the following functional improvements:
• New and improved SAML Login user interface
• Change to the login flow whereby the user ID is submitted by the user before any additional login credentials are prompted for
• Automatic initiation of push, SMS, or GrIDsure authentication challenge under certain conditions
• A Remember Me on this Device option, enabling the user ID to be auto-filled in subsequent login attempts to SAML applications
• Additional context is provided to the user as they log in, with their username and name of the application being accessed displayed throughout the login flow
The Enhanced User Login for SAML feature is optional and controlled on a per SAML Service Provider basis in customers’ accounts. Customers have full control over the transition to the new user experience. The feature also introduces new customization parameters to control specific User Interface attributes.