This article explains the new flow_type data added to USER_AUTHENTICATION events in Beyond Identity (v2.95.0+), describing the nine authentication flow types, their OS support, direction, and how each method handles authentication requests.
The “flow_type” event: Since version 2.95.0, if you've created policy rules for Authentication that use an Authentication Method, we’ve added "flow_type" to data in USER_AUTHENTICATION events.
There are 9 flow types:
localhost
embedded
scheme
pipe
roamingAuth
copy
universalLink
androidAutofill
androidAccessibility
Description of each authentication flow types:
Flow type | OS Support | Direction | Description |
localhost | Windows, MacOS, Linux, Android, iOS | Bidirectional | The authenticator communicates directly with the local device through a network loopback interface, allowing it to process authentication requests internally. |
embedded | Windows, MacOS, Linux, Android, iOS | N/A | The authentication mechanism is integrated within the application or platform itself, providing a seamless authentication experience without leaving the app environment. |
scheme | Windows, MacOS, Android, iOS | Unidirectional | This method uses custom URI schemes that, when invoked, direct the operating system to open the authenticator app to handle the authentication process. |
pipe | Windows | Bidirectional | Involves inter-process communication through pipes or COM (Component Object Model) on Windows, enabling applications to communicate with the authenticator directly. |
roamingAuth | Typically cross-platform | Unidirectional | Allows authentication to roam between different devices or applications, enabling a user to authenticate from one device and continue the session on another. |
copy | Windows, MacOS, Android, iOS | Unidirectional | This method uses the clipboard for transferring authentication data. Users copy a token or identifier and paste it into the authenticator app to complete the authentication process. |
universalLink | iOS | Unidirectional | Utilizes web links that directly open the authenticator app on the device. If the app is installed, clicking a universal link triggers the authentication process in the app. |
androidAutofill | Android | Unidirectional | Leverages the Android Autofill framework to facilitate the filling of credentials in forms, directly engaging with the authenticator for seamless authentication in apps or webviews. |
androidAccessibility | Android | Unidirectional | Uses the Accessibility services on Android devices to help with authentication, allowing the authenticator to interact with other apps and services in a more integrated manner. |