We are delighted to share our new EIC Delivery Methodology for efficiently managing Saviynt Implementations and delivering quick time to value. CLICK HERE.

Did you know? You can configure and use Step up authentication in SSM

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on August 14 2020 at 16:27 UTC





  1. What is Step up authentication?

Process by which a user is challenged to produce additional forms of authentication to provide high level of assurance that the user is who he claims to be. It makes sure that users can access some resources with one set of credentials but will prompt them for more credentials w¬hen they request access to high risk resources.


  1. Why do you need Step up authentication?

Use cases for step up authentication

  1. Users want to access certain resources seamlessly, but enterprise want to verify user’s identities before they access anything more sensitive such as helpdesk personnel resetting password for user or user accounts
  2. Users need access to data to complete everyday work, but occasionally need access to private data that would cause damage if exposed.


  1. What are the Step up authentication methods supported by SSM?
  1. One-time password (OTP) through email and SMS
  2. Knowledge based answers (KBA) – Preconfigured security question and answers


  1. Where can you leverage Step up authentication in SSM?

Password Management use cases

Change password, forgot password, Reset Security and answers, Change account password for self, reset account password for others/self, Reset user password for account/self


  1. What is the default step up authentication for Forgot password feature?

Default step up method for Forgot password feature in KBA if step up is not configured


  1. Where can you configure Step up Authentication in SSM?

Go to Admin>Global configuration>Step up authentication

  1. You can configure Step up authentication for password management



  1. You can set up OTP configurations here


  1. How is OTP created, managed and delivered in SSM?

Creation and management via

  1. Internal OTP generator within SSM

Delivered via

  1. SMS
  2. Email


  1. What exciting Step up authentication additions can you expect in near future?
  1. External OTP provider support
  2. Persisting Step up for preconfigured time period
  3. Support Step up for more high-risk actions such as Emergency Access request/approvals, campaign, PAM
  4. Support Step up methods such as google authenticator, Microsoft authenticator
  5. Adaptive authentication









This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.
1 REPLY 1

Community_User
Saviynt Employee
Saviynt Employee
Originally posted on August 19 2020 at 03:46 UTC

Thanks Aarthi.

This message was previously posted on Saviynt's legacy forum by a community user and has been moved over to this forum for continued exposure.