Each identity provider that you federate with EmpowerID can be configured with an LoA (Level of Assurance) point value to help users reach the required number of points to access EmpowerID, as specified on their assigned Password Manager Policies. LoA points granted by an SSO Connection start at 0 and can be incremented depending on the trust factor your organization places on the provider. For example, if you are setting the number of LoA points for an IdP, you might choose to give a more trusted identity provider, such as the Windows IdP, a point value of 2, and a less trusted IdP, such as a social media IdP, a point value of 1 or 0.
If the IdP selected by users grants enough points to meet your policy requirements, those users are granted access once authenticated. If the IdP does not, further points must be acquired.
This article demonstrates how to set LoA points for the following identity providers:
External OAuth services
SAML identity providers
Set LoA points for External OAuth services
On the navbar, expand Single Sign-On > SSO Connections and click OAuth / OpenID Connect.
Select the External OAuth Services tab and search for the service to which you want to apply LoA points.
Click the Provider link for the service.
On the External OAuth Provider Details page that appears, click the Edit link for the provider.
Enter the desired point value in the Level of Assurance (LoA) field and then click Save.
Set LoA points for SAML identity providers
On the navbar, expand Single Sign-On > SSO Connections and click SAML.
Search for the SAML identity provider to which you want to apply LoA points and then click the Display Name link for it.
On the View One page for the connection, click the Display Name link to put the connection in edit mode.
Select the General tab of the Connection Details form and then enter the desired number of points in the Level of Assurance (LoA) field.