User-Defined Policy Predicate
Basics
Basic knowledge of the Ruby programming language is required to use this predicate.
Given a code expression, this predicate provides the current user context and runs that expression. If the execution returns `true`, the predicate is met. If it returns `false`, produces a runtime error, or takes longer than 100 milliseconds to evaluate, the predicate fails.
For example, the following code checks whether the authentication timestamp in UTC is not between 8 AM and 6 PM:

```ruby
# True before 08:00 or from 18:00 onward (UTC)
Time.now.utc.hour < 8 || Time.now.utc.hour >= 18
```
Or the following condition is met when the user browser IP address is within the 74.50.X.X range:

```ruby
IPAddr.new('74.50.0.0/16').include?(context.auth_request.ip_address)
```
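
A local harness for trying a predicate before deploying it, added here as an example and not the product's own evaluator. It mirrors the rules stated above (met only on `true`; `false`, errors and evaluation over 100 milliseconds all fail). The `AuthRequest` and `Context` structs, `predicate_met?`, `demo_results` and all sample IP addresses are constructed assumptions.

```ruby
require 'ipaddr'
require 'timeout'

# Constructed stand-ins for the context object. Only
# context.auth_request.ip_address comes from the page; the Struct
# names and the harness below are hypothetical.
AuthRequest = Struct.new(:ip_address)
Context     = Struct.new(:auth_request)

LIMIT_SECONDS = 0.1 # the 100 millisecond budget stated above

# Returns true only when the expression evaluates to exactly true within
# the budget. A false result, an exception or a timeout all return false.
# Treating other truthy values as "not met" is an assumption.
def predicate_met?(expression, context)
  scope = binding # makes the local `context` visible to the expression
  Timeout.timeout(LIMIT_SECONDS) { eval(expression, scope) } == true
rescue StandardError, ScriptError
  false
end

IN_RANGE = "IPAddr.new('74.50.0.0/16').include?(context.auth_request.ip_address)"

def demo_results
  inside    = Context.new(AuthRequest.new('74.50.12.34')) # constructed
  outside   = Context.new(AuthRequest.new('203.0.113.7')) # constructed
  malformed = Context.new(AuthRequest.new('unknown'))     # constructed
  {
    inside:            predicate_met?(IN_RANGE, inside),
    outside:           predicate_met?(IN_RANGE, outside),
    malformed:         predicate_met?(IN_RANGE, malformed),       # IPAddr raises
    negated_malformed: predicate_met?("!#{IN_RANGE}", malformed), # still raises
    slow:              predicate_met?('sleep 1; true', inside),   # exceeds budget
    syntax_error:      predicate_met?('context.auth_request.', inside)
  }
end

demo_results.each { |name, met| puts "#{name}: #{met}" }
```

Because an error is reported the same way as a `false` result, both the range check and its negation fail for a malformed address, so a negated predicate does not act as a catch-all for bad input.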
Context
We provide user contextual information such as LOA score, location, and network so that it can be used to develop the condition.
The `context` variable is available under the same name in the code. For example, `context.auth_request.ip_address` returns the user's IP address.
Here are the available context attributes:
| Name | Type | Description |
|---|---|---|
|  |  | Authentication Request Information |
|  |  | Information from user mobile app |
|  |  | The distance between the user mobile device and the authenticating device, e.g. browser |
AuthRequest
| Name | Type | Description |
|---|---|---|
|  |  | The user country¹ |
|  |  | The user public IP address |
|  |  | Authenticating device (e.g. browser) location latitude¹ |
|  |  | Authenticating device (e.g. browser) location longitude¹ |
|  |  | The groups the user is a member of (Active Directory groups if your instance is integrated with it) |
|  |  | Current LOA score of the user based on the current situation |
|  |  | Current user unique identifier |
¹ All attributes based on geo-location require the end user to permit the browser to track their location.
UserMobile
| Name | Type | Description |
|---|---|---|
|  |  | User mobile device operating system |
|  |  | Running mobile application version |
|  |  | Mobile device location latitude |
|  |  | Mobile device location longitude |
|  |  | Mobile device IP address |
|  |  | Current user unique identifier sent from the mobile app |
MobileVsAuthRequestDistance
| Name | Type | Description |
|---|---|---|
|  |  | Distance in kilometers |
|  |  | Distance in meters |
|  |  | Distance in miles |
|  |  | Distance in feet |