ThreatMetrix Integration Kit

ThreatMetrix IdP Adapter settings reference

The following are setting descriptions for the ThreatMetrix IdP Adapter.

Standard fields
Field Description

Org ID

The org ID that you noted in Configuring ThreatMetrix.

This field is blank by default.

API Key

The API key that you noted in Configuring ThreatMetrix.

This field is blank by default.

Policy Name

The name of the policy to use when requesting a review status.

The default value is default.

ThreatMetrix Base URL

The ThreatMetrix API URL. If ThreatMetrix changes this URL, enter the new URL.

The default value is https://h-api.online-metrix.net.

Device Profiling

Determines whether the adapter creates a new ThreatMetrix session ID, or receives one from another source.

Your selection depends on which of the Device profiling methods you set up.

Create new device profile

Select this if you used one of the "basic" device profiling methods.

The ThreatMetrix IdP Adapter creates a new ThreatMetrix session ID.

In authentication API mode, the adapter provides a session ID to your web app.

Otherwise, the adapter shows the built-in device profiling page that runs the device profiling script.

Use existing ThreatMetrix session ID

Select this if you used one of the "enhanced" device profiling methods.

In authentication API mode, the adapter looks for a session ID provided in response to the SESSION_ID_REQUIRED.

Otherwise, the adapter looks for a session ID provided in an HTTP cookie.

The default value is Create new device profile.

Device Profiling Script Source

Determines the script used to create the device profile.

The ThreatMetrix SDK script runs locally, and the ThreatMetrix Web script fetches the latest device profiling script from ThreatMetrix each time. For details, see Introduction to Profiling in the ThreatMetrix documentation.

Applies only with the "Built-in (basic)" device profiling method.

The default value is ThreatMetrix Web.
Advanced fields
Field Description

Device Profiling Domain

The domain used for device profiling. Applies when Device Profiling is set to Create new device profile. If you requested a custom device profiling domain in Configuring ThreatMetrix, enter it here.

The default value is h.online-metrix.net.

Device Profiling Timeout

The amount of time in milliseconds that PingFederate waits for the device profiling script to collect device details. Applies only when Device Profiling is set to Create new device profile.

The minimum value is 3000.

The default value is 5000.

Cookie Name

The name of the cookie that contains the device profile. Applies only when Device Profiling is set to Use existing ThreatMetrix session ID.

If you customized the name for the cookie in the optional Integrating device profiling - Web app (enhanced) steps, enter the same name in this field.

The default value is tmxSessionID.

Service Type

Determines the attributes and sign-on event data that ThreatMetrix provides in the response. For details, see the service_type parameter in .threatmetrix.com/kb/index.htm//[Session Query Parameters] in the ThreatMetrix documentation.

The default value is session-policy.

Failure Mode

When ThreatMetrix is unavailable or an error occurs, this setting determines the default review status.

To allow users to continue to sign on by satisfying stricter authentication requirements, select "review".

Setting this field to “pass” is not recommended outside a test environment.

Unknown Session Mode

When ThreatMetrix returns an unknown session, this setting determines the review status used.

Setting this field to “pass” is not recommended outside a test environment.

Session Query API Endpoint

The ThreatMetrix Session Query API endpoint. If ThreatMetrix changes this endpoint, enter the new endpoint.

The default value is /api/session-query.

Update API Endpoint

The ThreatMetrix Update API endpoint. If ThreatMetrix changes this endpoint, enter the new endpoint.

The default value is /api/update.

Update API Enabled

After a user with a "review" status moves through the PingFederate authentication policy, the adapter informs ThreatMetrix whether authentication ultimate succeeded. This helps improve future risk assessments.

If your authentication policy doesn’t require users with a "review" status to pass any other authentication challenges, clear this check box to skip the update step.

This check box is selected by default.

API Request Timeout

The amount of time in milliseconds that PingFederate allows when establishing a connection with ThreatMetrix or waiting for a response to a request. A value of 0 disables the timeout.

The default value is 2000.

Proxy Settings

Defines proxy settings for outbound HTTP requests.

The default value is System Defaults.

Custom Proxy Host

The proxy server host name to use when Proxy Settings is set to Custom.

This field is blank by default.

Custom Proxy Port

The proxy server port to use when Proxy Settings is set to Custom.

This field is blank by default.