Attempt to advance the state of an authentication session.

Use this API to advance the user authentication to authenticate the user against CyberArk Identity.

  • Once start authentication API is invoked and a user authentication session has been created successfully, the advance authentication API is invoked to further advance the user authentication process.
  • SessionId and MechanismId returned as part of the “/startAuthentication” API are passed as request parameters to this API.
  • If the request to the API is successful, you can expect 'StartNextChallenge' or 'LoginSuccess' response, however the system may (at any time) return a new MFA Package which may add, remove, or change challenges.
  • For Out of Bounds (OOB) challenge, which involves an additional entity, such as a smartphone, in the authentication process. Please refer OOB Challenge
  • For MFA please refer MFA Process
  • As a response to advance authentication API, an authentication cookie (. ASPXAUTH) would be returned for the user. This cookie can be used to access the CyberArk Identity APIs on behalf of the user.
  • Failure cases typically result in an 'Undefined' error message when the tenant settings are not configured properly or a "LoginFailure' message when incorrect answers to the MFA challenges have terminated the user session (these incorrect answers may have been sent in previous calls to this API).