Abstract: Techniques are provided for customizing authentication and for handling pre-authentication and post-authentication plug-ins in an access management system. Users may want to access a protected resource, such as an application, and apply customizations to the protected resource. The customizations can be applied through the use of plug-ins, such as pre-authentication and post-authentication plug-ins. After it is determined that the user has permissions to apply a specified plug-in, analysis is performed to ensure that the plug-in complies with system requirements and that the criteria for implementing the plug-in has been satisfied. A browser session and control of the application can then be forwarded to the user.

Abstract: Systems and methods for single sign-on between two independent systems are disclosed herein. The method can include receiving a request to access a first application of a first system having a first login protocol. The method can include receiving user login credentials and authenticating the user login credentials. The method can include logging the user in to the first system and a second system based on the received login credentials. The second system can have a second login protocol independent of the first login protocol.

Abstract: Systems and methods for a single logout between two independent systems are described herein. The system includes a first access control system having a first login protocol. The first access control system includes at least one first processor, and a memory comprising a plurality of instructions executable by the at least one first processor. The system includes a second access control system. The second access control system has a second login protocol independent of the first login protocol. The first access control system can receive a logout request from a user at the first access control system, logging the user out of the first access control system, and utilizing a trust mechanism to log the user out of the second access control system.

Abstract: Techniques are provided for customizing authentication and for handling pre-authentication and post-authentication plug-ins in an access management system. Users may want to access a protected resource, such as an application, and apply customizations to the protected resource. The customizations can be applied through the use of plug-ins, such as pre-authentication and post-authentication plug-ins. After it is determined that the user has permissions to apply a specified plug-in, analysis is performed to ensure that the plug-in complies with system requirements and that the criteria for implementing the plug-in has been satisfied. A browser session and control of the application can then be forwarded to the user.

Abstract: Techniques related to authentication and authorization are disclosed. In some embodiments, an access management system is provided for increasing the reliability of notification-based authentication and/or authorization. Push notifications, for example, may be used as part of multifactor authentication processing or authorization processing. In certain embodiments, in response to an event triggering an authentication or authorization flow for a user, multiple different ways are provided for delivering notifications related to the authentication or authorization flow to the user's device (e.g., a client device registered for push notification-based authentication or authorization). By providing multiple ways for communicating notifications related to the authentication or authorization to the user's device, the chance that an authentication-related or authorization-related notification is missed or not delivered to the user's device is dramatically reduced.

Abstract: Techniques are described for enrolling an authentication device for generating time-based one-time passwords (TOTPs) for use with multi-factor authentication (MFA). A user is prompted to initiate an enrollment procedure after successful authentication based on a first authentication factor in connection with a request for a resource protected by an access management (AM) system. The authentication device contacts the AM system to establish that the authentication device is a trusted device (e.g., through validation of an authentication token contained in a Quick Response (QR) code generated by the AM system). After the authentication device has been established as a trusted device, the AM system sends a shared secret to the authentication device, which uses the shared secret to complete enrollment (e.g., by generating a TOTP for verification by the AM system). A session is then created for the user to enable access to the protected resource.

Abstract: Techniques are described for enrolling an authentication device for generating time-based one-time passwords (TOTPs) for use with multi-factor authentication (MFA). A user is prompted to initiate an enrollment procedure after successful authentication based on a first authentication factor in connection with a request for a resource protected by an access management (AM) system. The authentication device contacts the AM system to establish that the authentication device is a trusted device (e.g., through validation of an authentication token contained in a Quick Response (QR) code generated by the AM system). After the authentication device has been established as a trusted device, the AM system sends a shared secret to the authentication device, which uses the shared secret to complete enrollment (e.g., by generating a TOTP for verification by the AM system). A session is then created for the user to enable access to the protected resource.

Abstract: Techniques related to authentication and authorization are disclosed. In some embodiments, an access management system is provided for increasing the reliability of notification-based authentication and/or authorization. Push notifications, for example, may be used as part of multifactor authentication processing or authorization processing. In certain embodiments, in response to an event triggering an authentication or authorization flow for a user, multiple different ways are provided for delivering notifications related to the authentication or authorization flow to the user's device (e.g., a client device registered for push notification-based authentication or authorization). By providing multiple ways for communicating notifications related to the authentication or authorization to the user's device, the chance that an authentication-related or authorization-related notification is missed or not delivered to the user's device is dramatically reduced.