We have our nFActor flow configured that contains EPA pre auth scans. These are working as we want them to. The problem is that our nFactor authentication now has the fields flipped

[Mike Smithson]

We have our nFActor flow configured that contains EPA pre auth scans. These are working as we want them to. The problem is that our nFactor authentication now has the fields flipped i.e.:- the password field is now the passcode field and vice versa. We tried swapping the authentication factors around so that ldap was the first factor and radius the 2nd and we can see auth was working but we received the storefront "cannot complete your request"

[Mike Smithson]

I have attached our nFactor flow

[Jonnathan Rojas Murillo]

Hi!

You need to look into the loginschemas associated to the flow, I see lschema_dual... being used in your attachment.

Personally I'd prefer to make a copy of that same schema and customize it to your needs, then assign it to the flow, that'd very likely solve your issue.

Another point I'd suggest is to use the visualizer for your testing, but when you go to implementing in production doing the policies manually is a better idea, I built a rather complex flow with the visualizer and troubleshooting/making changes got complicated as it grew. This also helps giving you a much deeper understanding into what policy/binding does what.

Another option based on what you mentioned about flipping the authentication order is to change the SSO credentials setting in the session profile, by default it is set to Primary so if you flipped the auth order it will try to use the radius creds to SSO into Storefront, switching that to Secondary might do the trick as well.

[Mike Smithson]

Thank you Jonathan for the clear explanation. For some reason or other we couldn't get the flow to work so we did the policies manually and voila it worked straight away! Good advice around where to use the visualiser and manual policies.