Overview of iovation Device Risk
Iovation Device Risk collects a device profile and other transaction data and uses a series of rules to evaluate the level of security risk for a transaction. The type of transaction is flexible, but in the context of PingFederate it is typically a user sign-on event.
Device profile, blackbox, and transaction insight parameters
When a user signs on, iovation JavaScript collects hundreds of data elements associated with the device, including the device type, geolocation information, information about the browser, and system settings such as language settings. Together, this data is called the "device profile".
The iovation JavaScript encrypts the device profile in a package called a "blackbox".
In addition to the device profile data, you can take attributes from previous authentication sources and send them to iovation as transaction insight parameters.
The iovation IdP Adapter sends the blackbox and transaction insight parameters to iovation for analysis.
Integration points
Each iovation IdP Adapter instance communicates with the iovation API through a specific "integration point". Each integration point typically represents one type of interaction, such as "login" or "password change". For guidance on integration point design, see Planning and Designing Integration Points in the iovation Help Center.
Rule sets and business rules
Each integration point is associated with one rule set, which is a collection of business rules and rule groups.
Each business rule has a numeric weight assigned to it. When the conditions of the rule are met by the device profile or transaction data, the weight affects the total risk score for a transaction.
For a list of business rule categories, see About iovation Device Risk in the iovation Help Center.
For an example business rule scenario, see Business Rule Basics in the iovation Help Center.
Risk results
After processing the device profile through the rule set, Device Risk matches the resulting risk score to one of three risk results: allow, review, or deny. The rule set determines the numeric threshold associated with each of the results. For details about result thresholds, see About Rule Weights and Thresholds in the iovation Help Center.
The iovation API provides the risk result and other data in a response to PingFederate. By including the risk result in your authentication policy, you decide how each of the allow, review, and deny results affects a user’s ability to sign on in your environment.