I need to solve this scenario:
If a person is a staff member, do step-up authentication.
If a person is a student, use the default authentication.
My idea to solve this:
Write risk-based rules that test what method, or contract, was used at login time. If the contract was default form, then reauthenticate with an AA contract.
Or am I going about this the wrong way?
David.