You can deploy RBA so that the workflow is transparent to the user. The user enters logon credentials, and Authentication Manager validates the user’s credentials using an LDAP directory as an identity source. When RBA is enabled, the logon page for the web-based application redirects the user to the Authentication Manager logon page. The SSL-VPN grants the user access to the protected resource. The SSL-VPN validates the user’s identity using an LDAP directory, the identity source, over an LDAPS connection. The user provides a user name and password. The user browses to the SSL-VPN logon page over an HTTPS connection. In this example, the network resource is protected by an SSL-VPN, and the SSL-VPN is configured to validate user logon credentials using an LDAP directory.ĭata flow occurs in the following sequence: The following figure shows a web-based application before it is configured for risk-based authentication (RBA). Risk-Based Authentication Data FlowRisk-Based Authentication Data Flow Note:Risk-based authentication (RBA) only works with web-based authentication agents that use the UDP protocol. If the risk level is higher than the minimum assurance level, the user is prompted to confirm his or her identity by answering security questions or using ODA. RBA compares this to the minimum acceptable level of assurance that you have configured. The risk engine then assigns an assurance level such as high, medium, or low to the user's authentication attempt. When the user attempts to authenticate, the risk engine refers to the collected data to evaluate the risk. RSA Authentication Manager contains a risk engine that intelligently accumulates and assesses knowledge about each user’s device and behavior over time. Correct answers to questions can be configured on the Self-Service Console or during authentication when silent collection is enabled. The user must correctly answer one or more security questions. The user must correctly enter a PIN and a one-time tokencode that is sent to a preconfigured mobile phone number or e-mail account. If the assessed risk is unacceptable, the user is challenged to further confirm his or her identity by using one of the following methods: RBA strengthens SecurID authentication and traditional password-based authentication. Risk-based authentication (RBA) identifies potentially risky or fraudulent authentication attempts by silently analyzing user behavior and the device of origin. Risk-Based Authentication Risk-Based Authentication
0 kommentar(er)
