- Configuring Cascading Authentication
- Configuring Two-Factor Authentication
Authentication allows you to create a cascade of multiple authentication servers using policy prioritization. When you configure a cascade, the system traverses each authentication server, as defined by the cascaded policies, to validate a user's credentials. Prioritized authentication policies are cascaded in ascending order and can have priority values in the range of 1 to 9999. You define these priorities when binding your policies at either the global or the virtual server level.
During authentication, when a user logs on, the virtual server is checked first and then global authentication policies are checked. If a user belongs to an authentication policy on both the virtual server and globally, the policy from the virtual server is applied first and then the global authentication policy. If you want users to receive the authentication policy that is bound globally, change the priority of the policy. When a global authentication policy has a priority number of one and an authentication policy bound to a virtual server has a priority number two, the global authentication policy takes precedence. For example, you could have three authentication policies bound to the virtual server and you can set the priority of each policy.
If a user fails to authenticate against a policy in the primary cascade, or if that user succeeds in authenticating against a policy in the primary cascade but fails to authenticate against a policy in the secondary cascade, the authentication process stops and the user is redirected to an error page.
You can also modify an authentication policy that is bound to a virtual server.