Authentication Sessions

Direct user authentication − upon successful direct user authentication, ActivID Appliance assigns an Authenticated Login Session Identifier (ALSI as discussed previously in this document). This is the unique session identifier for a direct user. It identifies the user for all subsequent requests to ActivID Appliance during that session.
Indirect user authentication − upon successful authentication of an indirect user, ActivID Appliance assigns a Proxy Authenticated Login Session Identifier (PALSI) to the indirect user. A PALSI is the unique session identifier for an indirect user. It identifies the user for all subsequent requests to ActivID Appliance during that session.

Note:

PALSIs are issued to indirect users, but are not exposed to the end-users for security purposes, as opposed to a web cookie.
End users can sometimes be directly authenticated by ActivID Appliance for higher performance. For more information, refer to the ActivID Appliance API Integration Guide available from the ActivID Customer Portal.

The PALSI is linked to the authentication policy as opposed to a channel. This means the PALSI can be passed between different service providers. For example, a customer can authenticate to an IVR system, then be transferred to an operator in a call center, and remain authenticated to ActivID Appliance. Similarly, the indirect user’s PALSI is retained in the case of secondary authentication and tiered authentication. Direct users working in the ActivID Management Console can transfer an indirect user’s session between themselves.