The adaptive authentication analysis risk checks in SecureAuth IdP starts immediately after a username is authorized against the enterprise directory, with an instant response to an authentication request. The adaptive authentication risk check analysis determines whether a user should be passed, required to provide additional authentication, or denied access to the protected resource.
Adaptive authentication thwarts breaches based on configured pre-authentication policies that require the bad actor to trigger one or more specified rules. For example, if the user attempts to authenticate from a blocked country (geo-location blocking), or attempts to VPN from a command-and-control server associated with a "bad" IP address (Prevent package license), then authentication requirements are stepped-up, halting the bad actor's efforts.
SecureAuth IdP provides advanced adaptive capability powered by machine learning with its Prevent package to track and analyze the login behavior patterns of authorized users. It tracks the login patterns for a period of time to identify normal patterns, then assigns each user a personal risk score. Since the login behavior pattern and risk score is unique to each user, it prevents bad actor attempts to impersonate authorized users trying to gain access to the targeted login site. For more information about user risk score calculations see Machine learning user risk score calculations.
For more information about using adaptive authentication in SecureAuth IdP, select a topic:
- Adaptive authentication updates in SecureAuth IdP version 9.3
- Risk check factors
- Risk check actions
- SecureAuth IdP configuration
- Option: Username redirect to another realm configuration
- Logging features of key-value pair properties
- SecureAuth User Risk score provider configuration
- Connect Exabeam UEBA to SecureAuth IdP
- Connect SailPoint IdentityIQ to SecureAuth IdP
- Machine learning user risk score calculations