To use adaptive authentication risk checks for User / Group Restriction and Geo-velocity, make the following configuration settings on the Data tab for LDAP data stores.
- Go to the Data tab.
- In the Profile Fields section, set the following:
Property / Field:
This field must be mapped on each realm using the User / Group Restriction adaptive authentication risk check.
Map a directory field (for example, memberOf) to the Property (for example, Groups) that contains the groups to which the user belongs in Active Directory.
This field must be mapped on each realm using the Geo-velocity adaptive authentication risk check.
Map a directory field to the Access Histories property. Store the property in either plain binary or JSON format.
In typical Active Directory (AD) deployments, the "photo" directory field is used, with the property stored in plain binary format.
Directory field requirements to store the Access Histories property in plain binary format:
- Length – 1024 minimum per Access History record. The Access History setting is configured in the web.config file:
<add key="AccessHistoryMaxCount" value="5" />
- Data Type – Octet string (bytes)
Directory field requirements to store the Access Histories property in JSON format:
- Length – no limit / undefined
- Data Type – DirectoryString
Writeable:
To use the Geo-velocity adaptive authentication risk check, select the Writable check box to allow SecureAuth IdP to write information to the Access Histories property.
- Save your changes.
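
A pre-check for the directory field requirements listed above, as an added example (not SecureAuth code): it reads AccessHistoryMaxCount from web.config and compares the chosen attribute's schema definition against the binary or JSON requirements. Assumptions: the RSAT ActiveDirectory module is available, the web.config path is a placeholder, the total length needed is taken as 1024 times the record count, and "no limit" is taken to mean that rangeUpper is unset in the schema.

```powershell
# Added example, not SecureAuth code. Assumes the RSAT ActiveDirectory module.
param(
    [ValidatePattern('^[A-Za-z][A-Za-z0-9-]*$')]
    [string]$AttributeName = 'photo',                       # field to be mapped
    [ValidateSet('Binary', 'JSON')][string]$Format = 'Binary',
    [string]$WebConfigPath = 'C:\path\to\realm\web.config'  # placeholder path
)
Import-Module ActiveDirectory

# Read AccessHistoryMaxCount from the realm's web.config.
[xml]$config = Get-Content -LiteralPath $WebConfigPath -Raw
$node = $config.SelectSingleNode("//add[@key='AccessHistoryMaxCount']")
if (-not $node) { throw "AccessHistoryMaxCount not found in $WebConfigPath" }
$maxCount  = [int]$node.GetAttribute('value')
# Assumption: total space needed = 1024 bytes per record x record count.
$minLength = 1024 * $maxCount

# Look up the attribute definition in the AD schema partition.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$attr = Get-ADObject -SearchBase $schemaNC `
    -LDAPFilter "(lDAPDisplayName=$AttributeName)" `
    -Properties attributeSyntax, rangeUpper
if (-not $attr) { throw "Attribute '$AttributeName' not found in the schema" }

# Syntax OIDs: 2.5.5.10 = Octet string, 2.5.5.12 = Unicode (directory) string.
$expectedSyntax = if ($Format -eq 'Binary') { '2.5.5.10' } else { '2.5.5.12' }
$syntaxOk = $attr.attributeSyntax -eq $expectedSyntax

# rangeUpper unset means the schema sets no upper length limit.
if ($null -eq $attr.rangeUpper) {
    $lengthOk = $true
} elseif ($Format -eq 'Binary') {
    $lengthOk = $attr.rangeUpper -ge $minLength
} else {
    $lengthOk = $false   # JSON format: the page asks for no limit / undefined
}

[pscustomobject]@{
    Attribute      = $AttributeName
    Format         = $Format
    Syntax         = $attr.attributeSyntax
    SyntaxOk       = $syntaxOk
    RangeUpper     = $attr.rangeUpper
    RequiredLength = if ($Format -eq 'Binary') { $minLength } else { 'no limit' }
    LengthOk       = $lengthOk
}
```

The check covers the schema definition only; whether the SecureAuth IdP service account can write to the attribute is governed by directory permissions and is not tested here.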