Prompting for 2FA when updating sensitive info

In this article it says:

if the user has a session, the previously satisfied authenticators are considered before prompting for factors that are required by the acr_values parameter in the request.

What does “satisfied authenticators” mean?
What does it mean when it says it “considers” them?
Maybe an example would be good.

As this doc is related to step-up authentication, this language is referring to how the user established their Okta session in the first place and what authenticators (aka factors) they used to create this session. This is also referenced earlier in the doc:

This claim conveys information about the level of assurance that the user verified at the time of authentication. The resource server can then validate these parameters to ensure that the user verified the required level of assurance.

So satisfied authenticators would be the authenticators the user already used, which are then considered to ensure the user has completed the necessary assurance levels for the step-up request.
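The evaluation described in this thread, as an added example that is not part of the original posts and is not Okta's implementation: a simplified model of how a session's already-satisfied factors reduce the step-up prompt, and how a resource server checks the resulting `acr` claim. The two `acr` values are the ones Okta documents for step-up authentication; the factor-type names, the level mapping and both function names are assumptions made for illustration.

```python
# Simplified model of step-up evaluation; not Okta's implementation.
# Number of distinct factor types each acr value demands (assumed mapping).
REQUIRED_FACTOR_TYPES = {
    "urn:okta:loa:1fa:any": 1,
    "urn:okta:loa:2fa:any": 2,
}

def factors_to_prompt(session_satisfied, acr_values):
    """Return how many more factor types the user must verify.

    session_satisfied: factor types already verified in the existing session,
    e.g. {"knowledge"} for password only (hypothetical session record).
    """
    if acr_values not in REQUIRED_FACTOR_TYPES:
        raise ValueError(f"unsupported acr_values: {acr_values!r}")
    already = len(set(session_satisfied))
    return max(0, REQUIRED_FACTOR_TYPES[acr_values] - already)

def resource_server_accepts(claims, required_acr):
    """Check the token's acr claim against what the sensitive endpoint needs.

    Assumes signature, issuer, audience and expiry were verified beforehand.
    Missing or unrecognized acr values are rejected (fail closed).
    """
    granted = REQUIRED_FACTOR_TYPES.get(claims.get("acr"))
    needed = REQUIRED_FACTOR_TYPES[required_acr]
    return granted is not None and granted >= needed

if __name__ == "__main__":
    # Constructed sessions: password only, then password plus a possession factor.
    for satisfied in ({"knowledge"}, {"knowledge", "possession"}):
        n = factors_to_prompt(satisfied, "urn:okta:loa:2fa:any")
        print(sorted(satisfied), "-> extra prompts:", n)
    # Constructed claims from an already-validated token.
    print(resource_server_accepts({"acr": "urn:okta:loa:1fa:any"}, "urn:okta:loa:2fa:any"))
```

A user who signed in with a password only is prompted for one more factor when the sensitive-update request asks for two factors, while a user whose session already satisfied two factor types is not prompted again.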
