Tivoli Federated Identity Manager provides various authentication mechanisms in the point of contact interface.
The point of contact server is a proxy or application server that interacts with a user, does the authentication, and manages sessions. In a typical deployment, the point of contact is at the edge of a protected network behind a firewall, such as in a demilitarized zone.
The authentication methods available in a deployment are typically determined by the point of contact technology that is used in the environment. Points of contact technologies usually provide simple authentication such as the use of a user name and password.
A step-up authentication is a type of authentication where users who attempt to access sensitive resources are required to provide a specific type of credential. They might be challenged to authenticate and provide an additional set of credentials to prove that they are allowed to access sensitive resources. The one-time password authentication can be used where increased security is required.
A multi-factor authentication is a type of authentication where users are required to provide more than one type of credential to access a protected resource.
A one-time password is a unique password that is used to validate a login session. A one-time password cannot be reused. These restrictions make it less vulnerable to replay attacks and more secure than static passwords.