
Step-up

Step-up is a way to "upgrade" the current level of authentication. This is useful when:

  • A specific task requires the user to have logged in with two-factor authentication but you don't want or need all your users to log in with two-factor authentication all the time.
  • A specific widget can only be seen when the user is logged in using Facebook because it uses the Facebook Graph API.
  • At some point in your process you need data from a third-party authentication provider, such as the user's Chamber of Commerce number from eHerkenning or their BSN from DigiD.
  • You want users to log in using multiple providers (such as Google and Facebook) to add an extra layer of security.

Step-up is configured by adding a Security profile to a platform role or casetype role. Grant the role permissions to perform activities and view widgets as normal, and then add users to the role. When a user reaches an activity or widget for which they have the correct role but do not yet meet the role's security profile, they are asked to perform a step-up.

For example, when the user attempts to perform an activity, a dialog is displayed.

When a user opens a view, a message is displayed in place of the relevant widget.

When the user performs the step-up, they are prompted to satisfy the security requirements listed in the relevant security profile. Once they have met all the requirements, they can perform the activity and/or view the widgets.
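
The access decision described on this page, modelled as an added example (it is not the product's own code or configuration format). All class, role and method names are hypothetical, and the handling of a user who holds several granting roles is an assumption.

```python
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    DENY = "deny"        # no role grants the activity; step-up cannot help
    STEP_UP = "step_up"  # role grants it, security profile not yet met
    ALLOW = "allow"


@dataclass(frozen=True)
class Role:
    name: str
    activities: frozenset                      # activities/widgets granted
    security_profile: frozenset = frozenset()  # required authentication methods


@dataclass
class Session:
    roles: set
    satisfied: set = field(default_factory=set)  # methods completed so far

    def step_up(self, method: str) -> None:
        """Record an additional authentication method completed by the user."""
        self.satisfied.add(method)


def check_access(session: Session, roles: dict, activity: str):
    """Return (decision, outstanding requirements) for an activity or widget."""
    granting = [roles[r] for r in session.roles
                if r in roles and activity in roles[r].activities]
    if not granting:
        return Decision.DENY, frozenset()
    missing = [role.security_profile - session.satisfied for role in granting]
    # Assumption: one granting role with a fully met profile is sufficient.
    if any(not m for m in missing):
        return Decision.ALLOW, frozenset()
    # Otherwise prompt for the smallest outstanding set of requirements.
    return Decision.STEP_UP, frozenset(min(missing, key=len))


# Constructed sample data: role and method names are hypothetical.
ROLES = {
    "clerk": Role("clerk", frozenset({"view_case"})),
    "approver": Role("approver", frozenset({"approve_payment"}),
                     frozenset({"password", "two_factor"})),
}
```

The role check comes first: a session that has completed every authentication method is still denied an activity its roles do not grant, so a security profile adds a requirement to a role and never replaces one.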