Risk aware authentications

Using the Orchestration Engine authentications can become aware of user context (location, UBA risk score, user attributes, etc). By defining rules inside the engine the authentication challenges can differ. Usually this is used to ask for additional input from users in case of suspicious activity.

Usecase: If UBA score below threshold ask for PIN

Step 1: Define the journey

To define a journey that describes the behaviour go to Orchestrator → Journeys and choose to create a new one. The diagrame should look similar to the one below. To see how you can define a journey please see Journey

where the conditions are defined as seen below

Step 2: Select it

Having the Journey defined, you need to add it inside a Selector to be chosen at runtime based on the desired conditions.

Step 3: Enable apps to use it

Applications are grouped by the Journey Selector they use during authentications. Go to Applications and drag the desired Application in the desired Application Group. The group’s Journey Selector can be changed to match the desired one (Editing Group )

Usecase: If phone location is disabled make an additional challenge

To implement this request the only change we need to make is to update the journey above and use mobile_location conditions istead of uba conditions on the transitions:

1. change everywhere is_uba_context_passed and is_uba_motion_passed with mobile_location_enabled

2. change everywhere is_uba_context_passed and is_uba_motion_passed with mobile_location_disabled