Skip to main content

User-Defined Policy Predicate

Basics

Basic knowledge of the Ruby programming language is required to use this predicate.

Given a code expression, this predicate provides the current user context and runs that expression. If the execution returns true then the predicate is met. In cases that return false or produce runtime errors or if it takes longer than 100 milliseconds to evaluate, the predicate fails.

For example, the following code will simply check whether the authentication timestamp in UTC is not between 8 AM and 6 PM:

Time.now.utc.hour < 8 or Time.now.utc.hour > 18

Or the following condition is met when the user browser IP address is within the 74.50.X.X range:

IPAddr.new('74.50.0.0/16').include?(context.auth_request.ip_address)

Context

We provide the user contextual information such as LOA score, location, network, etc. so that it can be used to develop the condition.

The context variable is available with the same name in the code. For example context.auth_request.ip_address returns the user IP address.

Here are the available context attributes:

Name

Type

Description

auth_request

AuthRequest

Authentication Request Information

user_mobile

UserMobile

Information from user mobile app

mobile_vs_auth_request_distance

MobileVsAuthRequestDistance

The distance between the user mobile device and the authenticating device e.g. browser

AuthRequest

Name

Type

Description

country

String

The user country1

ip_address

String

The user public IP address

latitude

Float

Authenticating device (e.g. browser) location latitude1

longitude

Float

Authenticating device (e.g. browser) location longitude1

groups

Array of String

The groups the user is member of (Active Directory groups if your instance is integrated with it)

loa_score

Float

Current LOA score of the user based on the current situation

user_id

Integer

Current user unique identifier

1 All the attributes based on geo-location require the end-user permitting the browser to track their location.

UserMobile

Name

Type

Description

os

String

User mobile device operating system

app_version

String

Running mobile application version

latitude

Float

Mobile device location latitude

longitude

Float

Mobile device location longitude

ip_address

String

Mobile device IP address

user_id

Integer

Current user unique identifier sent from the mobile app

MobileVsAuthRequestDistance

Name

Type

Description

kilometers

Float

Distance in kilometers

meters

Float

Distance in meters

miles

Float

Distance in miles

feet

Float

Distance in feet