How to configure step-up authentication when using an external IDP as 2nd Factor ?

Solution Verified - Updated 2024-06-13T19:40:11+00:00 -

Issue

Step-up authentication is working fine when using as a 2nd condition OTP. In this case the access token has the ACR value set to level 2.

But when the 2nd condition is external IDP, the ACR value level remains at level 1, although it should have been set to level 2.

Environment

Red Hat Single Sign-On (RH-SSO)
- 7.x
Step-up Authentication
Access Token ACR value
External IDP

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content

Quick Links

Help

Site Info

Related Sites

Copyright © 2026 Red Hat

Here are the common uses of Markdown.

Code blocks

~~~
Code surrounded in tildes is easier to read
~~~

Links/URLs

[Red Hat Customer Portal](https://access.redhat.com)