A method and authentication mechanism is provided. A request is sent to authenticate a user of the application from a mobile device to an authentication server. The authentication server identifies a user profile for the user containing one or more authentication schemes available to authenticate the user. The authentication schemes comprise a direct scheme in which the user provides a password and a federated authentication scheme. The authentication server determines a favored authentication scheme from one or more authentication schemes available based on a policy associated with the user profile. The mobile device displays a menu showing the authentication schemes available to allow the user to select an authentication scheme. The favored authentication scheme is displayed ahead of a remainder of the authentication schemes. The authentication server verifies credentials for the user profile using the selected authentication scheme to authenticate the user.