Step-up Authentication using Push Notifications

Client-Initiated Backchannel Authentication (CIBA)

Introduction

This guide illustrates the Step-up Authentication (Push Notifications) Flow and the APIs that Relying Parties (RP) need to integrate with.

The Step-up authentication feature can be employed in use-cases where RPs require their users to perform an additional layer of authentication before proceeding on with a high-risk transaction. This kind of authentication is done by triggering a push notification to the user’s Singpass Mobile Application.

RPs who are looking to opt-in for Step-up Authentication are required to integrate with Singpass operating in the Client-initiated Backchannel Authentication (CIBA) Poll Mode (see CIBA specs). Refer to this diagram for an overview of the CIBA authentication flow between an RP, Singpass and its dependencies.

CIBA Authentication Flow between RP, Singpass and its dependencies

Last updated

Was this helpful?