Behavioral Biometrics Authentication API Guide
Introduction
Use this guide to configure the SecureAuth Authentication API to use Behavioral Biometrics, which analyzes an end-user's keystroke and mouse movement behavior during login / page interaction to create a profile. That profile is then compared to subsequent login attempts using the configured authentication workflow.
Once a profile is trained, the end-user enters the required information into the fields, and SecureAuth IdP can determine whether this behavior is consistent with that of the mature profile.
Prerequisites
1. Complete the steps in the Authentication API guide.
2. Complete the Behavioral Biometrics configuration steps in the SecureAuth IdP Web Admin.
Notice
LDAP directory integration is the only supported data store for the Behavioral Biometrics API
Refer to Behavioral Biometrics Guide for additional information
SecureAuth IdP Configuration Steps
Endpoints
Endpoints for /behavebio enable the use of SecureAuth IdP's behavioral biometrics, which trains the end-user profile, based on unique keystrokes and mouse movements, for authentication by that individual alone
The /behavebio/js endpoint uses the GET method to retrieve the JavaScript reference that is required to gather and analyze an end-user's behavioral biometric profile
Using the JavaScript reference, most of the data required for the POST and PUT endpoints is provided, but the remaining information (user ID, host address, and user agent) must be supplied by the application
The /behavebio endpoint uses the POST method to collect and create the end-user's behavioral biometric profile, which is then analyzed against subsequent profile information posted to the endpoint
The API gathers the end-user keystroke, text input, and other factors while the application's provided fields are filled out (e.g. username, password, home address, phone number, etc.)
After these fields are filled out ten (10) times, the profile is considered to have been trained, and the API can then return a score based on the comparison of the "normal" behavior and the current behavior
The /behavebio endpoint uses the PUT method to reset the end-user's profile to enable retraining – this is especially useful after the end-user changes a password
Resetting a profile can involve completely resetting the profile, or resetting specific fields from which behavior profile information is collected
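As an added example (not SecureAuth code), the following Node.js helper shows how an application might assemble the POST /behavebio body, taking the user ID, host address and user agent from server-side values rather than from anything the browser submits. The JSON field names, size caps, user ID pattern and request shape are assumptions, and the request authentication covered in the Authentication API guide is omitted.

```javascript
// Added example, not SecureAuth code. JSON field names are assumptions.
const BEHAVEBIO_URL =
  "https://secureauth.company.com/secureauth2/api/v1/behavebio"; // example URL from this guide
const MAX_PROFILE_BYTES = 64 * 1024; // assumed cap on collector output
const MAX_UA_LENGTH = 512; // assumed cap on the User-Agent value

// Strip the IPv4-mapped IPv6 prefix that dual-stack sockets report.
function normalizeAddress(addr) {
  return typeof addr === "string" ? addr.replace(/^::ffff:/i, "") : "";
}

// req: Node-style request { body, headers, socket: { remoteAddress } }.
// userId: the account being authenticated, taken from server-side state.
function buildBehaveBioPost(req, userId) {
  const profile = req.body && req.body.behaviorProfile;
  if (typeof profile !== "string" || profile.length === 0) {
    throw new Error("missing behavioral data from the JavaScript collector");
  }
  if (Buffer.byteLength(profile, "utf8") > MAX_PROFILE_BYTES) {
    throw new Error("behavioral data exceeds size cap");
  }
  // Assumed allowlist for user IDs; adjust to the directory's naming rules.
  if (typeof userId !== "string" || !/^[\w.@-]{1,128}$/.test(userId)) {
    throw new Error("invalid user ID");
  }
  const hostAddress = normalizeAddress(req.socket && req.socket.remoteAddress);
  if (!hostAddress) throw new Error("no peer address available");
  const userAgent = String(req.headers["user-agent"] || "").slice(0, MAX_UA_LENGTH);

  return {
    method: "POST",
    url: BEHAVEBIO_URL,
    body: JSON.stringify({
      userId, // server-side value, never req.body.userId
      behaviorProfile: profile, // opaque collector output, passed through unchanged
      hostAddress, // peer address observed by the server
      userAgent, // header as received, length-capped
    }),
  };
}
```

Behind a reverse proxy the socket peer is the proxy itself, so take the client address from the proxy's forwarded header only when that proxy is trusted to set it.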
GET
/behavebio/js
HTTP Method | URI | Example |
---|---|---|
GET | | https://secureauth.company.com/secureauth2/api/v1/behavebio/js |
POST
/behavebio
HTTP Method | URI | Example |
---|---|---|
POST | | https://secureauth.company.com/secureauth2/api/v1/behavebio |
PUT
/behavebio
HTTP Method | URI | Example |
---|---|---|
PUT | | https://secureauth.company.com/secureauth2/api/v1/behavebio |