CrowdStrike Integration Kit

Using CrowdStrike Risk Level

Because the CrowdStrike IdP Adapter relies on the CrowdStrike Agent ID that is automatically detected and returned by the Google Chrome Enterprise Device Trust IdP Adapter, the CrowdStrike IdP Adapter is designed to work with the Google Chrome Enterprise Device Trust IdP Adapter flow.

If you can make the CrowdStrike Agent ID of the authenticating user available to the CrowdStrike IdP Adapter without using the Google Chrome Enterprise Device Trust IdP Adapter, then you don’t need to configure the Google Chrome Enterprise Device Trust IdP Adapter in the PingFederate authentication policy.

The CrowdStrike IdP Adapter fulfills the riskLevel core contract attribute value based on the response it receives from the Google Chrome Enterprise Device Trust IdP Adapter and the adapter’s threshold configuration. For example:

  • If there are no incidents, or the returned score is less than the Low Score Threshold adapter configuration value, the riskLevel contract value is set to the value zero_incidents.

  • If an incident is detected with a risk score in the range of the High Score Threshold, Medium Score Threshold, or Low Score Threshold field values as described in the CrowdStrike IdP Adapter settings reference, the riskLevel contract value is set to a value of high, medium, or low accordingly.
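The threshold mapping above, modeled as an added example (not PingFederate's or the adapter's own code), together with a policy branch lookup that fails closed on an unexpected riskLevel value. It assumes integer scores, thresholds treated as inclusive lower bounds, and constructed threshold values; the branch names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Thresholds:
    """Low/Medium/High Score Threshold values (constructed, not adapter defaults)."""
    low: int
    medium: int
    high: int

    def __post_init__(self):
        # Misordered thresholds would silently make one level unreachable.
        if not (0 <= self.low < self.medium < self.high):
            raise ValueError("thresholds must satisfy 0 <= low < medium < high")


def risk_level(score: Optional[int], t: Thresholds) -> str:
    """Map a score to a riskLevel contract value.

    Assumption: score is None when no incident was returned, and each
    threshold is the inclusive lower bound of its level.
    """
    if score is None or score < t.low:
        return "zero_incidents"
    if score >= t.high:
        return "high"
    if score >= t.medium:
        return "medium"
    return "low"


# Hypothetical policy branches keyed by riskLevel; real branch targets are
# whatever the authentication policy defines.
POLICY_BRANCH = {
    "zero_incidents": "continue",
    "low": "continue",
    "medium": "step_up_mfa",
    "high": "deny",
}


def branch_for(level: str) -> str:
    # Any value outside the four documented ones takes the most restrictive path.
    return POLICY_BRANCH.get(level, "deny")


SAMPLE = Thresholds(low=20, medium=50, high=80)  # constructed values
```

Checking the boundary scores (19, 20, 50, 80 with the sample thresholds) before rollout confirms that each policy branch is reachable and that no score falls through without one.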

The following policy configuration shows a typical use case where a request coming from a trusted device goes through the Google Chrome Enterprise Device Trust IdP Adapter and reaches the CrowdStrike IdP Adapter. The authentication policy is then configured to branch based on the resulting risk level.