Documentation

To use adaptive authentication risk checks for User / Group Restriction and Geo-velocity, make the following configuration settings on the Data tab for LDAP data stores. 

  1. Go to the Data tab.
  2. In the Profile Fields section, set the following: 

    Property / Field

    This field must be mapped on each realm using the User / Group Restriction adaptive authentication risk check. 

    Map a directory field (for example, memberOf) to the Property (for example, Groups) that contains the user's group membership information in Active Directory.

    Access Histories 

    This field must be mapped on each realm using the Geo-velocity adaptive authentication risk check. 

    Map a directory field to the Access Histories property.  Store the property in either plain binary or JSON format.   

    Note: In typical Active Directory (AD) deployments, the "photo" directory field in plain binary data format is used.

    Directory field requirements to store the Access Histories property in plain binary format:

    • Length – 1024 minimum per Access History record. The Access History setting is configured in the web.config file:
      <add key="AccessHistoryMaxCount" value="5" /> 
    • Data Type – Octet string (bytes)
    • Multi-valued

    Directory field requirements to store the Access Histories property in JSON format:

    • Length – no limit / undefined
    • Data Type – DirectoryString
    • Multi-valued

    Writeable

    To use the Geo-velocity adaptive authentication risk check, select the Writable check box to allow SecureAuth IdP to write information to the Access Histories property.

  3. Save your changes.
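
Before mapping a directory field to Access Histories, its schema definition can be checked against the requirements listed above. The following is an added example, not SecureAuth code: it assumes the attribute's schema entry has been exported as plain-text LDIF, treats rangeUpper as the length limit, and uses a hypothetical attribute named exampleHistory with constructed values.

```python
# Added example: validate a directory attribute's schema entry against the
# Access Histories field requirements (binary or JSON storage format).
OCTET_STRING = "2.5.5.10"      # AD attributeSyntax OID for Octet string (bytes)
DIRECTORY_STRING = "2.5.5.12"  # AD attributeSyntax OID for Unicode DirectoryString
MIN_RECORD_LEN = 1024          # minimum length per Access History record (binary)

# Constructed sample (hypothetical attribute): an attributeSchema entry in LDIF.
SAMPLE_LDIF = """\
dn: CN=Example-History,CN=Schema,CN=Configuration,DC=example,DC=com
lDAPDisplayName: exampleHistory
attributeSyntax: 2.5.5.10
isSingleValued: FALSE
rangeUpper: 512
"""


def parse_ldif_entry(text):
    """Return {lowercased attribute: value} for one unfolded, plain-text LDIF entry."""
    entry = {}
    for line in text.splitlines():
        if line.startswith("#") or ":" not in line:
            continue
        name, _, value = line.partition(":")
        entry[name.strip().lower()] = value.strip()
    return entry


def check_access_history_field(entry, fmt):
    """Return the list of unmet requirements for fmt 'binary' or 'json'."""
    if fmt not in ("binary", "json"):
        raise ValueError("fmt must be 'binary' or 'json'")
    problems = []
    want = OCTET_STRING if fmt == "binary" else DIRECTORY_STRING
    syntax = entry.get("attributesyntax")
    if syntax != want:
        problems.append(f"data type: attributeSyntax is {syntax}, need {want}")
    if entry.get("issinglevalued", "").upper() != "FALSE":
        problems.append("multi-valued: isSingleValued must be FALSE")
    upper = entry.get("rangeupper")  # absent rangeUpper means no length limit
    if upper is not None:
        if fmt == "binary" and int(upper) < MIN_RECORD_LEN:
            problems.append(f"length: rangeUpper {upper} is below {MIN_RECORD_LEN}")
        if fmt == "json":
            problems.append(f"length: rangeUpper {upper} set, need no limit")
    return problems


if __name__ == "__main__":
    for fmt in ("binary", "json"):
        print(fmt, check_access_history_field(parse_ldif_entry(SAMPLE_LDIF), fmt))
```

An empty list means the field meets the stated requirements for that storage format; the field must still be marked writable on the Data tab for Geo-velocity to record access history.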