You can manage a user's risk-based authentication settings. When you change these settings, the user's settings override the system-wide risk-based authentication settings (see Modify risk-based authentication general settings).
You can manage the following user risk-based settings:
Location History
When a user logs in to Identity as a Service, the location the user used to log in is added to the user's location history, as follows:
Authentication from a public location
Identity as a Service converts the IP address to location data and stores the location information, such as country, city, latitude and longitude of the location, ISP name, IP address, date and time of the authentication and the number of times the user authenticated from the location.
Location comparisons that involve public locations look at the country, city, and ISP. The IP address is also used in the comparison if the Check IP Address in Location History setting is enabled. If all comparison items match exactly, the two locations are considered the same and the test passes. If there is any difference, even a minor spelling variation in the ISP name, the test fails and the user receives the risk points associated with that condition. Those risk points contribute to the user's total risk score during their authentication attempt.
Authentication from a private location
When a user logs in to Identity as a Service from a private location, Identity as a Service stores the IP address, date and time of the authentication, and the number of times the user authenticated from the location.
Expected Locations
The Expected Locations list contains IP locations that users are expected to log in from. You can move a location from the Location History to a user's Expected Locations list.
Settings
You can set whether the user uses the system-wide risk-based authentication settings or the user-specific settings.
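The public-location comparison described under Location History, sketched as an added Python example (not the product's own code). The `Location` class, the function names and the 10-point value are assumptions, and the sample locations are constructed.

```python
from dataclasses import dataclass

RISK_POINTS = 10  # assumed value for the risk points tied to this condition

@dataclass(frozen=True)
class Location:
    country: str
    city: str
    isp: str
    ip: str

def compared_fields(check_ip=False):
    """Country, city and ISP are always compared; IP only when the setting is on."""
    return ["country", "city", "isp"] + (["ip"] if check_ip else [])

def mismatched_fields(login, stored, check_ip=False):
    """Names of compared fields that differ. Comparison is exact string equality."""
    return [f for f in compared_fields(check_ip)
            if getattr(login, f) != getattr(stored, f)]

def location_history_risk(login, history, check_ip=False):
    """Return (risk_points, fields_differing_from_the_closest_history_entry)."""
    if not history:
        # Nothing to match against, so every compared field counts as different.
        return RISK_POINTS, compared_fields(check_ip)
    diffs = [mismatched_fields(login, h, check_ip) for h in history]
    if any(not d for d in diffs):
        return 0, []  # one entry matched exactly: the test passes
    # Test failed: report the nearest miss so an administrator can see why.
    return RISK_POINTS, min(diffs, key=len)

# Constructed sample data (documentation IP ranges, made-up ISP names).
HISTORY = [
    Location("CA", "Ottawa", "Example Telecom Inc.", "203.0.113.10"),
    Location("CA", "Toronto", "Sample Networks", "198.51.100.7"),
]
SAME_ISP_NEW_IP = Location("CA", "Ottawa", "Example Telecom Inc.", "203.0.113.25")
ISP_SPELLING = Location("CA", "Ottawa", "Example Telecom Inc", "203.0.113.10")

if __name__ == "__main__":
    for label, login, check_ip in [
        ("new IP, IP check off", SAME_ISP_NEW_IP, False),
        ("new IP, IP check on", SAME_ISP_NEW_IP, True),
        ("ISP spelling variation", ISP_SPELLING, False),
    ]:
        print(label, location_history_risk(login, HISTORY, check_ip))
```

The returned field list shows which comparison item caused the failure, which helps when a user reports unexpected risk points after their ISP changes how its name is recorded.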
1. Click > Members > Users. The Users List page appears.
2. Click the User ID of the account that you want to edit. The User Details page appears.
3. Click the Risk-Based Authentication tab. The Risk-Based Authentication page appears.
4. Select Location History from the drop-down list. The Location History list appears.
5. To add the selected Location History to the Expected Locations, click next to the location history.
6. Click . The Add Expected Location dialog box appears with the fields autopopulated.
7. Click Save. The location is added to the user's Expected Locations list.
8. Repeat steps 6 and 7 to add additional Expected Locations.
Add or delete expected location
A user's personal expected location list overrides the system-wide list when the two conflict. For example, if a user authenticates from a location that is not on the system-wide list, but is on the user's personal expected location list, the location is accepted.
Users do not have any locations included in the expected location list unless an administrator specifically assigns them.
1. Click > Members > Users. The Users List page appears.
2. Click the User ID of the account that you want to edit. The User Details page appears.
3. Click the Risk-Based Authentication tab. The Risk-Based Authentication page appears.
4. Select Expected Locations from the drop-down list. The Expected Locations list appears.
5. Click Add. The Add Expected Location page appears.
6. You must provide a value for at least one of these fields:
   - Select the Country from the drop-down list.
   - Enter a City Name.
   - Enter the ISP (Internet Service Provider).
   - Enter the IP Address. Click to resolve the IP address. The country, city name and ISP are populated based on the IP Address.
7. Click Save. The location is added to the user's Expected Locations list.
Note: If you need to delete a location, click next to the location and then click Delete on the confirmation prompt.
Set the user risk-based authentication settings
1. Click > Members > Users. The Users List page appears.
2. Click the User ID of the account that you want to edit. The User Details page appears.
3. Click the Risk-Based Authentication tab. The Risk-Based Authentication page appears.
4. Select Settings from the drop-down list. The Settings dialog box appears.
5. Select Use System-Wide Settings or Use User-Specific Settings.
6. If you select Use User-Specific Settings, do the following:
   - Set Maximum Number of Locations to the number of locations that can be included in the user's expected locations list.
   - Select Check IP Address in Location History to compare the authentication request IP with the values in the user's Location History.
   - Select Check Travel Velocity to compare the distance between locations from which a user has authenticated within a specific period of time.
7. Click Save.