Symantec Access Management

  • 1.  Risk Authentication rules

    Posted Aug 20, 2019 03:17 PM
    Hi, I have the following use case for risk authentication:
    I just need to check if the device used by the user is associated with the user.
    So I guess I can cover that requirement with the OOTB rule:

    User Not Associated with DeviceID (USERDEVICENOTASSOCIATED)

    and define a ruleset with only that rule enabled

    Anyway, based on my understanding, the above rule relies on the deviceID in order to query the ARRFUSERDEVICEASSO table and check if a device with the given deviceID exists in that table for the user.
    That said, I have a doubt: in case the deviceID is not available I can still use the reverse lookup feature to recover the deviceID, but what sounds strange to me is that the reverse lookup relies on the reverse lookup threshold that is configurable inside the rule Device MFP Not Match.

    So my question is: in order to have reverse lookup enabled, MUST I also enable the Device MFP Not Match rule?
    In other words, with a ruleset with only User Not Associated with DeviceID (USERDEVICENOTASSOCIATED) enabled, will the reverse lookup still work?

    Best Regards



  • 2.  RE: Risk Authentication rules
    Best Answer

    Broadcom Employee
    Posted Aug 23, 2019 03:33 PM
    Hi Claudio,

    Reverse lookup works by matching the incoming Machine Finger Print with the ones already stored in the ARRFDEVICEINFO table, then matching the threshold (default 80%) and returning that DeviceID. The MFP mismatch rule drives this, so for reverse lookup this rule has to be enabled.
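
A conceptual model of the dependency described in this thread, added as an example and not taken from the product or from either poster: the device association check can only recover a missing DeviceID through reverse lookup when the MFP rule is enabled. The attribute-overlap score, the fingerprint fields, the function names and the sample rows are all assumptions; only the table names, the rule dependency and the 80% default come from the thread.

```python
# Conceptual model of the flow in this thread; the scoring metric is assumed,
# not the product's MFP matching algorithm. All data below is constructed.
ARRFDEVICEINFO = {  # DeviceID -> stored machine fingerprint (MFP)
    "dev-A": {"ua": "Firefox/68", "os": "Win10", "tz": "+02:00",
              "lang": "it-IT", "screen": "1920x1080"},
    "dev-B": {"ua": "Chrome/76", "os": "macOS", "tz": "-05:00",
              "lang": "en-US", "screen": "2560x1600"},
}
ARRFUSERDEVICEASSO = {("claudio", "dev-A")}  # (user, DeviceID) pairs


def mfp_score(incoming, stored):
    """Percentage of fingerprint attributes whose values agree (assumed metric)."""
    keys = set(incoming) | set(stored)
    same = sum(1 for k in keys if incoming.get(k) == stored.get(k))
    return 100.0 * same / len(keys) if keys else 0.0


def reverse_lookup(incoming_mfp, threshold=80.0):
    """Return the best stored DeviceID scoring at or above threshold, else None."""
    best_id, best_score = None, 0.0
    for device_id, stored in ARRFDEVICEINFO.items():
        score = mfp_score(incoming_mfp, stored)
        if score >= threshold and score > best_score:
            best_id, best_score = device_id, score
    return best_id


def user_device_not_associated(user, device_id, incoming_mfp,
                               mfp_rule_enabled, threshold=80.0):
    """True when the association rule would fire for this request.

    If no DeviceID arrived, reverse lookup is attempted only when the MFP
    rule is enabled, since the threshold is configured inside that rule.
    """
    if device_id is None and mfp_rule_enabled:
        device_id = reverse_lookup(incoming_mfp, threshold)
    return (user, device_id) not in ARRFUSERDEVICEASSO
```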