Authentication Sessions

Direct user authentication − upon successful direct user authentication, ActivID AS assigns an Authenticated Login Session Identifier (ALSI as discussed previously in this document). This is the unique session identifier for a direct user. It identifies the user for all subsequent requests to ActivID AS during that session.
Indirect user authentication − upon successful authentication of an indirect user, ActivID AS assigns a Proxy Authenticated Login Session Identifier (PALSI) to the indirect user. A PALSI is the unique session identifier for an indirect user. It identifies the user for all subsequent requests to ActivID AS during that session.

Note:

PALSIs are issued to indirect users, but are not exposed to the end-users for security purposes, as opposed to a web cookie.
End users can sometimes be directly authenticated by ActivID AS for higher performance. For more information, refer to the ActivID Authentication Server API Integration Guide available from the ActivID Customer Portal.

The PALSI is linked to the authentication policy as opposed to a channel. This means the PALSI can be passed between different service providers. For example, a customer can authenticate to an IVR system, then be transferred to an operator in a call center, and remain authenticated to ActivID AS. Similarly, the indirect user’s PALSI is retained in the case of secondary authentication and tiered authentication. Direct users working in the ActivID Management Console can transfer an indirect user’s session between themselves.