Step-up Authentication using Push Notifications

Introduction

This guide illustrates the Step-up Authentication (Push Notifications) Flow and the APIs that Relying Parties (RP) need to integrate with.

The Step-up authentication feature can be employed in use-cases where RPs require their users to perform an additional layer of authentication before proceeding on with a high-risk transaction. This kind of authentication is done by triggering a push notification to the user’s Singpass Mobile Application.

RPs who are looking to opt-in for Step-up Authentication are required to integrate with Singpass operating in the Client-initiated Backchannel Authentication (CIBA) Poll Mode (see CIBA specs). Refer to this diagram for an overview of the CIBA authentication flow between an RP, Singpass and its dependencies.