Uniqueness of credentials
It is important to know that, in general, a user can only possess one single credential per credential type. However, there are exceptions to this rule, which are useful to users who have different hardware devices or wish to accomplish different levels of authentication.
Of the following credential types, a user can own more than one:
- Generic credentials
- Certificate credentials
- Kerberos credentials
- Device password credentials
- Context password credentials
- OTP credentials (a user can own a maximum of 2 of them)
- OATH credentials
- SAML federation credentials
- FIDO UAF credentials
- FIDO 2 credentials