Force Re-authentication

In most cases, an Identity Provider allows a user’s web browser to cache their authentication session by default. When a user returns to the site at a later time, they are automatically logged in.

However, many Identity Providers also support forcing re-authentication. LogonLabs’ Force Re-authentication feature allows you to require users to re-authenticate each time they visit your site, even if their credentials have been cached. To implement this feature, visit our API documentation for Start Login.

Force Re-authentication values

As part of StartLogin, you can set Force Re-authentication to off, attempt, or force.

Off (default)

Force Re-authentication is off. Users with cached sessions are not prompted to re-authenticate on subsequent visits to your site. Use this if you are OK with your users having cached sessions with your site.

Attempt

Force Re-authentication is on, but only for the Identity Providers that support it. See the list below for supported Identity Providers. For Identity Providers not in that list, users will not be prompted to re-authenticate. Use this if you want to allow login with unsupported Identity Providers, but still want the security of re-authentication for supported Identity Providers.

Force

Force Re-authentication is on, and login is only possible for supported Identity Providers. Users attempting to log in with any enabled unsupported Identity Providers will receive an error for StartLogin. Use this if you want to make sure Force Re-authentication will always be applied in all cases, even if someone enabled an unsupported Identity Provider by mistake. If this option is selected, we recommend ensuring all unsupported Identity Providers are disabled for your App.

Supported Identity Providers

Microsoft
Dropbox
Fitbit
Twitter
Okta
OneLogin

Please note that Apple always requires users to re-authenticate.
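
The sketch below is an added example, not LogonLabs code and not a call to its API. It models the three values described above so you can audit an App's enabled Identity Providers before choosing one. The function names, the result buckets and the provider name "example-idp" are assumptions made for illustration, and because this page does not say how force treats Apple, that case is flagged for verification rather than guessed.

```python
# Added example: a model of the behaviour described on this page, not LogonLabs code.
SUPPORTED = frozenset({"microsoft", "dropbox", "fitbit", "twitter", "okta", "onelogin"})
ALWAYS_REAUTH = frozenset({"apple"})  # per the note on this page
MODES = ("off", "attempt", "force")


def audit(mode, enabled_providers):
    """Sort enabled providers by what a user would experience under `mode`.

    reauth  - the user is prompted to re-authenticate on every visit
    cached  - a cached Identity Provider session is reused (no prompt)
    blocked - StartLogin returns an error for this provider
    verify  - the page does not say; confirm the behaviour before relying on it
    """
    mode = mode.strip().lower()
    if mode not in MODES:
        raise ValueError(f"mode must be one of {MODES}, got {mode!r}")
    result = {"reauth": [], "cached": [], "blocked": [], "verify": []}
    for name in sorted({p.strip().lower() for p in enabled_providers}):
        if name in ALWAYS_REAUTH:
            # Assumption: how "force" treats Apple is not stated on the page.
            bucket = "verify" if mode == "force" else "reauth"
        elif name in SUPPORTED:
            bucket = "cached" if mode == "off" else "reauth"
        else:
            bucket = "blocked" if mode == "force" else "cached"
        result[bucket].append(name)
    return result


def needs_attention(mode, enabled_providers):
    """Providers to review: sessions reused, logins rejected, or behaviour unknown."""
    r = audit(mode, enabled_providers)
    return r["cached"] + r["blocked"] + r["verify"]


if __name__ == "__main__":
    # Constructed sample: "example-idp" stands in for any provider not on the list.
    enabled = ["Microsoft", "Okta", "example-idp", "Apple"]
    for m in MODES:
        print(m, audit(m, enabled))
```

Under attempt, anything reported as cached is a provider where users still skip the prompt; under force, anything reported as blocked should be disabled for the App so users never see the StartLogin error.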

