The iovation FraudForce integration must be installed on each node in the deployment. Once installed, it creates two new rules, which you can use to perform FraudForce checking and grant or deny access based on FraudForce's results.

The first rule, the iovation FraudForce Device Profiling rule, lets you gather data about the end user's system. This rule must be invoked before a request that uses the iovation FraudForce Authorization rule. It cannot be used for POST requests, and only functions on requests from a top-level browsing context.

The second rule, the iovation FraudForce Authorization rule, lets you allow or deny access based on FraudForce's evaluation of the user's system. This rule must be invoked after the iovation FraudForce Device Profiling rule, within the time period defined by the Blackbox time to live (sec.) field.

Both rules require authentication, so they can only be used on protected applications and resources. The rules are only applicable to Web applications.

Enable logging for iovation events by updating the <PA_HOME>/conf/log4j2.xml file.

You can improve the accessibility of iovation, even to users that block third-party content, by configuring a reverse proxy for communicating with iovation.

The following topics are discussed in this guide: