16. Authenticate a User
This use case describes, in detail, the steps for authenticating a user who has requested access to a protected resource. It stems from the ‘Grant access to a protected resource’ use case and expands on Step 3, ‘Verify authentication factors.’ Authentication is the process by which a system verifies the user’s claimed identity to a certain level of assurance (LOA). LOA1 is the lowest level, and LOA4 is the highest. There are three types of authentication factors: something you know (such as a password or PIN), something you have (such as a smartcard), and something you are (such as your fingerprint). At LOA3 and LOA4, at least two types of factors are required.
Pre-condition: Individual has attempted to access a resource.
|The Access Control System (ACS) prompts the individual to provide authentication factor(s).|
|For LOA 2, the individual provides a single authentication factor, usually a PIN or password. For LOA 3 and LOA 4, the individual provides at least two authentication factors.|
|The ACS verifies the user’s input against information about the user’s claimed identity.
Each type of factor is authenticated in a different way.
|If the factors are verified, authentication is successful.|
Post-condition: Individual is successfully or unsuccessfully authenticated. If successful, authorization is the next step.
Click here for a consolidated image of this use case.