From 1c287ac60ff44c3d28474996f5f8d94796a3e2ed Mon Sep 17 00:00:00 2001 From: AJ Farkas Date: Mon, 5 Jan 2026 16:39:43 -0500 Subject: [PATCH 1/3] Portal #60 Add standalone Assurance Level Values page --- _data/nav.yml | 2 ++ _pages/assurance-levels.md | 31 +++++++++++++++++++++++++++++++ 2 files changed, 33 insertions(+) create mode 100644 _pages/assurance-levels.md diff --git a/_data/nav.yml b/_data/nav.yml index 54529f71..f3f0f7a1 100644 --- a/_data/nav.yml +++ b/_data/nav.yml @@ -7,6 +7,8 @@ primary: href: /oidc/getting-started/ - text: SAML href: /saml/getting-started/ + - text: Assurance Levels + href: /assurance-levels/ - text: Attributes href: /attributes/ - text: User Experience diff --git a/_pages/assurance-levels.md b/_pages/assurance-levels.md new file mode 100644 index 00000000..ded7c29c --- /dev/null +++ b/_pages/assurance-levels.md @@ -0,0 +1,31 @@ +--- +title: Assurance Level Values +lead: > +sidenav: + - text: Identity Assurance Levels + href: "#identity-assurance-levels" + - text: Authentication Assurance Levels + href: "#authentication-assurance-levels" + - text: Deprecated Service Values + href: "#deprecated-service-values" +--- +{% capture type_of_service %} + {% include snippets/auth_content/service_levels.md %} +{% endcapture %} +{% capture aal_values %} + {% include snippets/auth_content/aal_values.md %} +{% endcapture %} +{% capture deprecated_values %} + {% include snippets/auth_content/deprecated_values.md %} +{% endcapture %} + +# Identity Assurance Levels +Identity Assurance Level determines what information is used to confirm a user's identity. +{{ type_of_service }} + +# Authentication Assurance Levels +Authentication Assurance Level determines what second factors are allowed for user sign-in. +{{ aal_values }} + +# Deprecated Service Values +{{ deprecated_values }} From 05228effee4d08cc670ac331a84cdfa92a036a1a Mon Sep 17 00:00:00 2001 From: AJ Farkas Date: Tue, 6 Jan 2026 14:44:42 -0500 Subject: [PATCH 2/3] Portal #60 move assurance levels to /overview --- _data/nav.yml | 2 -- _includes/snippets/auth_content/aal_values.md | 4 +-- .../auth_content/deprecated_values.md | 3 +- .../snippets/auth_content/service_levels.md | 3 +- _pages/assurance-levels.md | 31 ------------------- _pages/oidc/authorization.md | 4 +-- _pages/oidc/authorization/pkce.md | 6 ++-- _pages/overview.md | 24 ++++++++++++++ 8 files changed, 33 insertions(+), 44 deletions(-) delete mode 100644 _pages/assurance-levels.md diff --git a/_data/nav.yml b/_data/nav.yml index f3f0f7a1..54529f71 100644 --- a/_data/nav.yml +++ b/_data/nav.yml @@ -7,8 +7,6 @@ primary: href: /oidc/getting-started/ - text: SAML href: /saml/getting-started/ - - text: Assurance Levels - href: /assurance-levels/ - text: Attributes href: /attributes/ - text: User Experience diff --git a/_includes/snippets/auth_content/aal_values.md b/_includes/snippets/auth_content/aal_values.md index bc4c250c..9a570b58 100644 --- a/_includes/snippets/auth_content/aal_values.md +++ b/_includes/snippets/auth_content/aal_values.md @@ -12,6 +12,6 @@ Stricter behavior can be specified by adding one of: - **`http://idmanagement.gov/ns/assurance/aal/2?hspd12=true`** This specifies that a user has been authenticated with an HSPD12 credential (requires PIV/CAC). Users must _always_ authenticate with a second factor. {% endcapture %} -
+ {{ aal_values | markdownify }} -
+ diff --git a/_includes/snippets/auth_content/deprecated_values.md b/_includes/snippets/auth_content/deprecated_values.md index 12741267..49c1214e 100644 --- a/_includes/snippets/auth_content/deprecated_values.md +++ b/_includes/snippets/auth_content/deprecated_values.md @@ -12,6 +12,5 @@ - **`http://idmanagement.gov/ns/assurance/loa/3`** Equivalent to `urn:acr.login.gov:verified`. {% endcapture %} -
+ {{ deprecated_values | markdownify }} -
\ No newline at end of file diff --git a/_includes/snippets/auth_content/service_levels.md b/_includes/snippets/auth_content/service_levels.md index d299a5f8..63dd859c 100644 --- a/_includes/snippets/auth_content/service_levels.md +++ b/_includes/snippets/auth_content/service_levels.md @@ -17,6 +17,5 @@ Authentications for users who verify with facial matching will meet NIST 800-63-3 IAL2 standard. Authentication for users who do not do facial matching will not meet NIST 800-63-3 IAL2 standard. {% endcapture %} -
+ {{ type_of_service | markdownify }} -
diff --git a/_pages/assurance-levels.md b/_pages/assurance-levels.md deleted file mode 100644 index ded7c29c..00000000 --- a/_pages/assurance-levels.md +++ /dev/null @@ -1,31 +0,0 @@ ---- -title: Assurance Level Values -lead: > -sidenav: - - text: Identity Assurance Levels - href: "#identity-assurance-levels" - - text: Authentication Assurance Levels - href: "#authentication-assurance-levels" - - text: Deprecated Service Values - href: "#deprecated-service-values" ---- -{% capture type_of_service %} - {% include snippets/auth_content/service_levels.md %} -{% endcapture %} -{% capture aal_values %} - {% include snippets/auth_content/aal_values.md %} -{% endcapture %} -{% capture deprecated_values %} - {% include snippets/auth_content/deprecated_values.md %} -{% endcapture %} - -# Identity Assurance Levels -Identity Assurance Level determines what information is used to confirm a user's identity. -{{ type_of_service }} - -# Authentication Assurance Levels -Authentication Assurance Level determines what second factors are allowed for user sign-in. -{{ aal_values }} - -# Deprecated Service Values -{{ deprecated_values }} diff --git a/_pages/oidc/authorization.md b/_pages/oidc/authorization.md index 215cf04c..e119e18a 100644 --- a/_pages/oidc/authorization.md +++ b/_pages/oidc/authorization.md @@ -23,10 +23,10 @@ sidenav: --- {% capture aal_values %} - {% include snippets/auth_content/aal_values.md %} + {% include snippets/auth_content/aal_values.md %} {% endcapture %} {% capture service_levels %} - {% include snippets/auth_content/service_levels.md %} + {% include snippets/auth_content/service_levels.md %} {% endcapture %} {% capture deprecated_values %} {% include snippets/auth_content/deprecated_values.md %} diff --git a/_pages/oidc/authorization/pkce.md b/_pages/oidc/authorization/pkce.md index 573a2148..d74aead7 100644 --- a/_pages/oidc/authorization/pkce.md +++ b/_pages/oidc/authorization/pkce.md @@ -23,13 +23,13 @@ sidenav: --- {% capture aal_values %} - {% include snippets/auth_content/aal_values.md %} + {% include snippets/auth_content/aal_values.md %} {% endcapture %} {% capture service_levels %} - {% include snippets/auth_content/service_levels.md %} + {% include snippets/auth_content/service_levels.md %} {% endcapture %} {% capture deprecated_values %} - {% include snippets/auth_content/deprecated_values.md %} + {% include snippets/auth_content/deprecated_values.md %} {% endcapture %} {% capture code_challenge %} Correct Example diff --git a/_pages/overview.md b/_pages/overview.md index c6996130..db6fd295 100644 --- a/_pages/overview.md +++ b/_pages/overview.md @@ -5,7 +5,17 @@ sidenav: href: "#user-flow" - text: Service provider configuration href: "#service-provider-configuration" + - text: Service Levels + href: "#service-levels" + - text: Authentication Assurance Levels + href: "#authentication-assurance-levels" --- +{% capture type_of_service %} + {% include snippets/auth_content/service_levels.md %} +{% endcapture %} +{% capture aal_values %} + {% include snippets/auth_content/aal_values.md %} +{% endcapture %} Login.gov is a FedRAMP moderate approved multifactor authentication and identity proofing platform that makes online interactions with the U.S. government simple, efficient and intuitive. @@ -32,3 +42,17 @@ To configure a test application in the sandbox environment: * Select between [OIDC]({{ site.baseurl }}/oidc/) or [SAML]({{ site.baseurl }}/saml/) protocol implementation protocols and understand which user attributes are required. * If you have questions when testing your integration, read through our [FAQs]({{ site.baseurl }}/support/) or submit a ticket to our [technical support help desk]({{ site.baseurl}}/support/#contacting-partner-support). * Before submitting a request to move your application's configuration to production, review the [User experience]({{ site.baseurl }}/design-guidelines/) page and the [Production]({{ site.baseurl }}/production/) page. Additional requirements, like a [signed Interagency agreement]({{ site.baseurl }}/production/#confirm-interagency-agreement-iaa) (IAA) and [agency logo]({{ site.baseurl }}/user-experience/agency-logo/), are described in these pages. + +## Service Levels + +Service Level, or Identity Assurance Level, determines what information is used to confirm a user's identity. + +
+{{ type_of_service }} +
+ +## Authentication Assurance Levels + +Authentication Assurance Level determines what second factors are allowed for user sign-in. + +{{ aal_values }} From 2537238d9e7a27aa274445e9777d7bccade514f2 Mon Sep 17 00:00:00 2001 From: AJ Farkas Date: Thu, 8 Jan 2026 10:30:38 -0500 Subject: [PATCH 3/3] MR fixes: cleanup tag, capitalization --- _pages/overview.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/_pages/overview.md b/_pages/overview.md index db6fd295..16f16c49 100644 --- a/_pages/overview.md +++ b/_pages/overview.md @@ -5,9 +5,9 @@ sidenav: href: "#user-flow" - text: Service provider configuration href: "#service-provider-configuration" - - text: Service Levels + - text: Service levels href: "#service-levels" - - text: Authentication Assurance Levels + - text: Authentication assurance levels href: "#authentication-assurance-levels" --- {% capture type_of_service %} @@ -47,9 +47,7 @@ To configure a test application in the sandbox environment: Service Level, or Identity Assurance Level, determines what information is used to confirm a user's identity. -
{{ type_of_service }} -
## Authentication Assurance Levels