Hi, and thanks for joining. Today we'll be going over SmartFlows, which is a feature included in OneLogin's SmartFactor authentication. SmartFactor authentication consists of six components. In this video, we'll be taking a look at SmartFlows, otherwise known as custom login flows. SmartFlows give you the ability to choose between custom login flows, such as a passwordless login flow or a brute force defense login flow.
Here on the Login Flow tab of a user's security policy, admins can select a login flow that will be used to control the order of the steps that the users will be required to accomplish to log in. The standard login flow is set by default. With this authentication flow, the system first looks for a OneLogin Desktop certificate. If it's present, the cert is used for both user identification and authentication. Thus, the user won't be prompted for a password, or any other certificates. However, if there isn't a OneLogin Desktop certificate present, or it isn't valid, the user is then prompted to provide their username and password.
Next, OneLogin checks for a device certificate if you've configured trusted device requirements. Vigilance AI, OneLogin's threat analysis engine, then determines the risk level of the login attempt in order to apply any smart MFA or smart access requirements you may have configured. Next, the user authenticates with any other authentication factors necessary, such as entering a one-time password, and then is granted access to their SSO portal.
The brute force defense login flow is slightly different because after a user enters their username, it prompts them for MFA before asking for a password. Taking a look at the brute force defense login flow in action, if a user's credentials are compromised, a hacker could try to log in. But after entering the username, the hacker would be prompted for MFA. Then, the actual user could just deny the hacker access by denying the unexpected MFA prompt, in which case the hacker will be unable to log in.
Now, going back to the admin portal, I'll note that we have the option to disable push notifications in the user's security policy. When checked, OneLogin Protect push notifications will be disabled for authenticating user logins. This can help prevent a push fatigue attack if the user's credentials are compromised. You can also choose to disable push notifications for unlocking user accounts and account recovery.
Next, let's take a look at the passwordless login flow. The passwordless login flow is a user-friendly approach that requires only a username and a secure form of multifactor authentication, such as the OneLogin Protect application or WebAuthn. Taking a look at a passwordless login flow in action, we can see that once the user enters their username, they are directly prompted for MFA. Then, after completing the MFA prompt, the user will be granted access to their portal without the need to enter their password.
And that concludes this brief overview of OneLogin SmartFlows. Thanks for watching. Make sure to explore the rest of the demos in this video series to understand the other components that form OneLogin SmartFactor authentication.