A server can authenticate a client for an application or a resource. The server may be configured with an authentication model for authenticating a client. In some cases, the server may be configured to authenticate a client using a single factor or a dual factor authentication model. However, the current rigid policy structure of the authentication model may limit the types or functionality of authentication models with which the server can be configured.