ThreatMetrix Integration Kit

Adding review statuses to your authentication policy

By modifying your PingFederate authentication policy to include the review status from ThreatMetrix, you can dynamically change authentication requirements based on security risk level.

About this task

These steps are designed to help you add to an existing authentication policy. You can find general information about configuring authentication policies in Defining authentication policies in the PingFederate documentation.

ThreatMetrix automatically tunes its rules and policies based on user behavior. To accommodate an initial training period, we recommend allowing all transactions to succeed for a period of time, regardless of review status.

Steps

  1. In the PingFederate admin console, go to Authentication > Policies > Policies and select the IdP Authentication Policies checkbox.

  2. Open an existing authentication policy.

  3. In the Policy section, select your ThreatMetrix IdP Adapter instance.

    Adding the adapter to the authentication policy.

  4. Map the user ID into the ThreatMetrix IdP Adapter instance:

    A screenshot that shows the Incoming User ID modal with the user identifier selected.

    1. Under the ThreatMetrix IdP Adapter instance, click Options.

    2. On the Options modal, in the Source list, select a previous authentication source that collects the user ID.

    3. In the Attribute list, select the user ID.

    4. Select the User ID Authenticated checkbox.

    5. Click Done.

  5. Define policy paths based on the information provided by ThreatMetrix:

    Branching the authentication policy based on details from ThreatMetrix.

    1. Under the ThreatMetrix IdP Adapter instance, click Rules.

    2. On the Rules modal, in the Attribute Name list, select reviewStatus.

    3. In the Condition list, do one of the following:

      • For reviewStatus, select equal to.

      • For reasonCode, select multi-value contains.

    4. In the Value field, do one of the following:

      • For reviewStatus, enter pass, review, challenge, or reject.

      • For reasonCode, enter a ThreatMetrix reason code.

        Reason codes reflect the policy or policies that ThreatMetrix used to determine the review status. In the ThreatMetrix admin console, set meaningful names for your policies and enter those names here.

    5. In the Result field, enter a name.

      This appears as a new policy path that branches from the ThreatMetrix IdP Adapter.

    6. If you want to add more authentication paths, click Add and repeat steps b - e.

    7. (Optional) Clear the Default to success checkbox.

    8. Click Done.

  6. Configure each of the authentication paths.

    If ThreatMetrix is unreachable or returns an error, the Failure mode advanced setting assigns a default review status. As a result, the Fail outcome of the ThreatMetrix IdP Adapter instance isn’t used.

    Learn more in ThreatMetrix IdP Adapter settings reference.
    The complete authentication policy.

  7. Click Done. On the Policies page, click Save.