Skip to main content

Adaptive Authentication API Guide

Use this guide to configure the SecureAuth Authentication API to use Adaptive Authentication workflows that use analysis to effectively mitigate attacks and unauthorized users from gaining access into sensitive resources.

SecureAuth IdP and Adaptive Authentication versions and corresponding features are provided next, in "Adaptive Authentication Action Definitions."

Prerequisites

  1. Optional: Have special SecureAuth IdP license to use IP Reputation / Threat Data analysis functionality or services.

    Contact SecureAuth Support for more information or to upgrade.

  2. Complete the steps in the Authentication API guide.

  3. Complete the Adaptive Authentication configuration steps in the SecureAuth IdP Web Admin – see Adaptive Authentication Tab Configuration topic.

    For the optional User Risk feature for Adaptive Authentication, refer to Connecting SailPoint IdentityIQ to SecureAuth IdP or Connecting Exabeam UEBA to SecureAuth IdP topics.

SecureAuth IdP configuration steps

The steps to configure the Adaptive Authentication tab in SecureAuth IdP are in the Adaptive Authentication Tab Configuration topic, in the SecureAuth IdP Configuration Steps section. You can select the instructions for SecureAuth IdP v9.1 or SecureAuth IdP v9.2.

Endpoints

The /adaptauth endpoint uses the POST method to enable SecureAuth IdP Adaptive Authentication to analyze an end user's profile, group, IP address, country, geo-velocity, and any risks detected by threat intelligence data.

The /accesshistory endpoint uses the POST method to create an end user access history for geo-velocity calculations.

After the end user is authenticated, the information is posted to the endpoint, and a new entry is created and stored in the end user profile.

On the next login attempt, SecureAuth IdP uses the stored information to validate whether the distance traveled from the previous login to the current attempt is feasible.

POST

/adaptauth

HTTP Method

URI

Example

SecureAuth IdP version

POST

/api/v1/adaptauth

https://secureauth.company.com/secureauth2/api/v1/adaptauth

v9.1+

/accesshistory

HTTP Method

URI

Example

SecureAuth IdP version

POST

/api/v1/accesshistory

https://secureauth.company.com/secureauth2/api/v1/accesshistory

v9.1+