Overview of ThreatMetrix
ThreatMetrix evaluates the level of security risk for a user sign-on event based on a device profile and user attributes.
Device profile
The device profile is collected by a JavaScript script that runs during the sign-on flow. There are various ways to collect the device profile, as described in Device profiling methods.
ThreatMetrix also provides two script options. The ThreatMetrix SDK script runs locally, and the ThreatMetrix Web script fetches the latest device profiling script from ThreatMetrix each time. For more information, see Introduction to Profiling in the ThreatMetrix documentation.
Session ID
ThreatMetrix assigns a session ID to every authentication session. This session ID is associated with the device profile, and can be used to send in additional (optional) user attributes from the ThreatMetrix IdP Adapter. It also allows the adapter to get the resulting review status and reason code from the risk assessment.
In some device profiling methods, the session ID is passed to or from the ThreatMetrix IdP Adapter to coordinate sending information to ThreatMetrix from multiple sources for the same authentication session.
User attributes
When sending the device profile to ThreatMetrix, you can also provide user attributes such as name, address, and email. Use these in your ThreatMetrix policies to affect risk assessments.
For the complete list of attributes that ThreatMetrix can collect, see Session Query API in the ThreatMetrix documentation.
Review statuses
ThreatMetrix evaluates risk for a sign-on event by using configurable policies. The result is a "review status" value of "pass", "review", "challenge", or "reject".
You can configure your PingFederate authentication policy to determine how each of the "pass", "review", "challenge", and "reject" results affects a user’s ability to sign on. For example, you can prompt a user for a second authentication factor if their review status is "review".
Attributes and sign-on event data in the response from ThreatMetrix
The response from ThreatMetrix also contains attributes and sign-on event data.
In your ThreatMetrix IdP Adapter instance configuration, you can capture this information and make it available to other adapters and contracts in the PingFederate authentication policy.