Default-Mapping Rules

You can use several mapping rules that are immediately available as examples of typical branching policy flows.

Generic Rule and Template

The Generic rule extracts only the branch names from the policy and provides those names to the template page to display to the user. The user then picks a branch that is based only on the name.

For example, a policy with two branches called “Forgotten Username” and “Forgotten Password”. A template page with those two names as individual options is displayed to the user.

Second Factor Rule and Template

The Second Factor rule fetches a user’s enrollment status and displays the three most used second factor options to the user. The template displays relevant information for each second factor mechanism. For example, device name for MMFA Authenticator. The user must be authenticated to use this mapping rule and template.

MMFA and TOTP Fallback

The MMFA with TOTP Fallback defaults are a subset of the Second Factor rule and template page. The rule is simpler but also demonstrates the server automatically choosing an option for the user, but allows them to return and choose a fallback method.

Username-less Login

The Username-less Login rule does not require a user to be logged in, and automatically displays the QR Code for login. It also offers the user the choice to do a FIDO2 username-less login instead.

FIDO2 Platform Authenticator Inline Registration (PAIR)

The following mapping rules are used in the FIDO2 PAIR flow:

Authentication decision mapping rule: Determines whether the user is already authenticated, or whether to prompt for FIDO2 or username and password authentication.
Registration decision mapping rule: Used to enroll or skip registration.
Info Map mapping rule: Required to switch between API and browser requests, and is included in the FIDO2 authentication and registration branches.

Identifier First Authenticatio (IFA)

The IFA scenario utilizes multiple mapping rules in both decisions and InfoMap mechanisms.

Branching_IdentiferFirstAuth: The first decision in the policy fetches the username and returns a choice of authentication methods to the user based on the scenario wizard configuration and the methods that the user has enrolled.
IFA_Credential_Complete: After successful authentication, the details of the MMFA or FIDO2/WebAuthn registration used to perform authentication are added to the user’s credential.
IFA_Prep_FIDO2_PAIR: Determines if the user should be prompted to complete the registration step of the FIDO2 PAIR.
FIDO2PAIR_Reg_Decision: Used to enroll or skip registration.
FIDO2PAIR_Completed_InfoMap: Required to switch between API and browser requests.