Overview of ThreatMetrix

The device profile is collected by a JavaScript script that runs during the sign-on flow. There are various ways to collect the device profile, as described in Device profiling methods.

ThreatMetrix also provides two script options. The ThreatMetrix SDK script runs locally, and the ThreatMetrix Web script fetches the latest device profiling script from ThreatMetrix each time. You can find more information in Introduction to Profiling (requires sign-on) in the ThreatMetrix documentation.

ThreatMetrix assigns a session ID to every authentication session. This session ID is associated with the device profile, and can be used to send in additional (optional) user attributes from the ThreatMetrix IdP Adapter. The session ID also allows the adapter to get the resulting review status and reason code from the risk assessment.

In some device profiling methods, the session ID is passed to or from the ThreatMetrix IdP Adapter to coordinate sending information to ThreatMetrix from multiple sources for the same authentication session.

When sending the device profile to ThreatMetrix, you can also provide user attributes such as name, address, and email. Use these in your ThreatMetrix policies to affect risk assessments.

ThreatMetrix evaluates risk for a sign-on event by using configurable policies. The result is a review status value of pass, review, challenge, or reject.

You can configure your PingFederate authentication policy to determine how each of the pass, review, challenge, and reject results affects a user’s ability to sign on. For example, you can prompt a user for a second authentication factor if their review status is review.

The response from ThreatMetrix also contains attributes and sign-on event data.

In your ThreatMetrix IdP Adapter instance configuration, you can capture this information and make it available to other adapters and contracts in the PingFederate authentication policy.