
Location services

VeridiumID now incorporates mobile device location capture during authentication sessions, providing valuable context for risk assessment and security decisions. This document outlines the functionality, implementation details, and configuration options for this feature.

Overview

This enhancement enables VeridiumID to capture, process, and utilize location data from mobile devices during authentication sessions. This information is then relayed to the VeridiumID server and, for SAML authentications, to Shibboleth, enriching the authentication data with location context.

Functional considerations:
Detailed settings for location scenarios can be configured in Admin / Settings / Geolocation and are described in the Administration Guide / Settings / Geolocation section.

[Figure: Location aware authentications]

Workflow

  1. Location Capture:

    • During authentication, the mobile device captures the user's location using the device's OS frameworks.

    • The location data is reverse geocoded to obtain human-readable information like country, city, and street address.

  2. Data Transmission:

    • The location data is included in the AuthenticationResponse call to the VeridiumID server.

    • For privacy considerations, the level of location detail transmitted can be configured based on GDPR regulations.

  3. Server-Side Processing:

    • The VeridiumID server stores the location information with the session data.

    • Upon successful authentication, this data is included in the Identity Token.

  4. Shibboleth Integration (SAML):

    • For SAML authentications, Shibboleth extracts the location data from the Veridium Identity Token.

    • This information is then added to the SAML message for further processing and analysis.

Configuration and Settings

  • Geolocation Settings:

    • Detailed configuration for location scenarios is available in the Veridium Manager Admin console under Settings > Geolocation.

    • Refer to the "Administration Guide / Settings / Geolocation" section for detailed descriptions of the available settings.

  • Mobile Settings:

    • The level of location detail captured by the mobile device can be configured in the server's Mobile Settings.

    • This setting adheres to GDPR regulations and allows for granular control over location data privacy.

    • Possible values include: NONE, COUNTRY, DISTRICT, CITY, STREET, STREET_NUMBER, GPS_LOCATION.

    • If this setting is missing, the default value is NONE.

  • Location Precision:

    • The precision of GPS location can be adjusted in Settings > Geolocation > Location Coordinates Precision.

  • Server-Side Configuration:

    • The location.json configuration file in Zookeeper allows for fine-tuning server-side behavior related to location data.

    • This file includes settings for accuracy thresholds, country code replacement, and location attribute filtering.
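
The detail levels and coordinate precision described under Mobile Settings and Location Precision can be pictured as a data-minimisation filter applied to the reverse-geocoded location before it is transmitted. The sketch below is an added example, not VeridiumID code: the record field names, the `location_detail_level` key, the assumption that each level also includes the coarser ones, and precision expressed as decimal places are all illustrative assumptions.

```python
# Added illustration: field names, the settings key and the cumulative ordering
# of levels are assumptions, not VeridiumID's actual schema or behaviour.

# Detail levels as listed in Mobile Settings, coarsest to finest.
LEVELS = ["NONE", "COUNTRY", "DISTRICT", "CITY",
          "STREET", "STREET_NUMBER", "GPS_LOCATION"]

# Hypothetical record fields unlocked at each level.
FIELDS_AT_LEVEL = {
    "COUNTRY": ["country"],
    "DISTRICT": ["district"],
    "CITY": ["city"],
    "STREET": ["street"],
    "STREET_NUMBER": ["street_number"],
    "GPS_LOCATION": ["latitude", "longitude"],
}


def minimise_location(record: dict, settings: dict, precision: int = 2) -> dict:
    """Return only the fields permitted by the configured detail level.

    A missing setting falls back to NONE (the documented default). In this
    sketch an unrecognised value is also treated as NONE, so a typo in the
    configuration fails closed instead of leaking detail.
    """
    level = settings.get("location_detail_level", "NONE")  # hypothetical key
    if level not in LEVELS:
        level = "NONE"
    allowed = LEVELS[1:LEVELS.index(level) + 1]
    out = {}
    for lvl in allowed:
        for field in FIELDS_AT_LEVEL[lvl]:
            value = record.get(field)
            if value is None:
                continue  # reverse geocoding may not return every component
            if field in ("latitude", "longitude"):
                value = round(float(value), precision)  # coarsen coordinates
            out[field] = value
    return out


# Constructed sample of a reverse-geocoded location.
SAMPLE = {
    "country": "RO", "district": "Bucharest", "city": "Bucharest",
    "street": "Example Street", "street_number": "10",
    "latitude": 44.426765, "longitude": 26.102538,
}

if __name__ == "__main__":
    for cfg in ({}, {"location_detail_level": "CITY"},
                {"location_detail_level": "GPS_LOCATION"}):
        print(cfg, "->", minimise_location(SAMPLE, cfg))
```
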

Key Benefits

  • Enhanced Security: Location context adds another layer of security by allowing risk assessment based on user location.

  • Improved Risk Analysis: Location data can be used to identify potentially suspicious login attempts from unexpected locations.

  • Compliance with GDPR: Granular location data controls ensure compliance with privacy regulations.

  • Flexible Configuration: Administrators can tailor location settings to meet specific security and privacy requirements.

Troubleshooting

  • Refer to the table below for basic error information:

| Error code | Error message | Details |
|---|---|---|
| 1053 | Failed to geocode the location | The coordinates have been received, but they are not translated to a map position by the MaxMind API. |
| 1054 | Location services is unavailable | The mobile app cannot communicate with the phone's location mechanism (i.e., Google Mobile Services Location). |
| 1055 | Location permission denied for app | The mobile app does not have location permissions allowed from the OS. |
| 1056 | Timeout getting location | All location services and permissions are working, but no location data is collected and received by the application within the session timeout window. |
| 0 | Location was captured successfully | Everything went well. |

  • Consult server logs for any issues related to location data processing or transmission.

Additional Notes

  • Mobile devices should implement appropriate mechanisms to avoid excessive location requests and adhere to device quotas.

  • Location monitoring can be initiated in the background to improve accuracy during authentication.

This enhanced location capture functionality provides valuable context for authentication sessions, strengthens security measures, and allows for greater flexibility in managing user location data.
