Authentication groups two elements: Authentication Schemes and Authentication Methods. The combination of the two defines the ways to authenticate to a Service Provider.
- An Authentication scheme is linked to a Service Provider. It defines which Authentication methods can be used to access it. It also defines the order of execution in the case of multi-factor authentication, and it specified the strength of each Authentication Method for multi-level or step up authentication.
- The Authentication Method can contain one or more Identity Providers that can provide this Authentication Method.
It is easiest to first define the Authentication Methods, before grouping them into the possible Schemes.
There is always the pre-defined "IDHub Default Scheme" that is always applied to access the IDHub applications (such as the Administration Portal). Take care not to experiment with this Authentication Scheme, as you could end up restricting the access to the Administration Portal.