iovation Device Risk integration
Control access to a protected PingAccess Web application or resource based on an iovation Device Risk result. The iovation Device Risk integration provides access to two new PingAccess rules:
- iovation Device Risk Device Profiling rule
-
Enables you to gather data about the end-user’s system. This rule:
-
Must be invoked before a request that uses the iovation Device Risk Authorization rule
-
Can’t be used for POST requests
-
Only functions on requests from a top-level browsing context
-
- iovation Device Risk Authorization rule
-
Enables you to allow or deny access based on Device Risk’s evaluation of the user’s system.
This rule must be invoked after the iovation Device Risk Device Profiling rule, within the time period defined by the Blackbox time to live (sec.) field.
Integration requirements
Installation requirements:
-
If you operate PingAccess in a cluster, you must install the iovation Device Risk integration on each node in the deployment.
Usage requirements:
-
Both rules require authentication, so you can only use them on protected applications and resources.
-
The rules are only applicable to PingAccess Web applications.
Learn more about Web type applications in Application field descriptions.
Documentation scope
This guide covers the following topics:
-
Installing the iovation Device Risk Integration Kit: Configure PingAccess for integration with iovation Device Risk.
-
Creating iovation Device Risk device profiling rules: Use iovation Device Risk device profiling to gather information about the end-user’s system for evaluation.
-
Creating iovation Device Risk authorization rules: Share device information with iovation Device Risk, request evaluation, and allow or deny access based on the returned risk result.
-
Logging iovation events: Update the
<PA_HOME>/conf/log4j2.xml
file to enable iovation event logging. -
Improving iovation accessibility using a reverse proxy: Use Postman to improve iovation accessibility, even for users that block third-party content, by configuring a reverse proxy to communicate with iovation.