Continuous (step-up) authentication provides an additional layer of authentication based on predefined levels of data sensitivity and risk. You can create policies that apply to specific users, files, locations, actions, or other factors. When users perform those actions on a cloud, the policy is triggered, directing the user to the identity provider to enter additional login credentials.

Continuous authentication strikes a balance between convenient user access and applying stronger protection for higher risk scenarios. Because it is policy-driven, you can define a variety of situations that require users to go through the step-up process.

For example, you might want to require additional authentication when:

• A user traveling to a location tries to download multiple files while at that location.
• Risk scores have increased for a user.

• A user is authorized to download files but wants to download a file from a group of highly sensitive files they are typically not authorized to access.

  You must enable authentication in the Management Console before you can use it in a policy. For example, if you want to include continuous authentication as a secondary action in a policy, make sure that continuous authentication is enabled in the Management Console.

  If continuous authentication is selected in a policy, you cannot disable it in the Management Console.