When this rule runs, the iovation response is stored in the com.pingidentity.pa.iovation.kit:policy.decision.outcome property. Valid values are allow, deny, and review. This property can be used by Groovy rules or custom plugins.

  1. Click Access and then go to Rules > Rules.
  2. Click + Add Rule.
  3. In the Name field, enter a unique name. The name can be up to 64 characters long. Special characters and spaces are allowed.
  4. From the Type list, select Iovation Device Risk authorization.
  5. From the iovation Service list, select the third-party service to use for outbound fraud checks to iovation.
  6. In the Blackbox Cookie Name Prefix field, enter the prefix of the cookies containing the iovation blackbox captured previously by the iovation Device Risk Device Profiling rule. The default value is iovation_bb.
  7. In the Subscriber ID field, enter the subscriber ID provided to you by iovation.
  8. In the Subscriber Account field, enter the subscriber account name provided to you by iovation.
  9. In the Subscriber Passcode field, enter the passcode used to authorize your ID and account with iovation.
  10. In the iovation Integration Point field, enter the integration point associated with the rule set you want to use.
  11. Optional: In the Account Code Attribute field, enter the name of an attribute containing a unique identifier for each end-user to send to iovation as the account code.
  12. Optional: In the Transaction Insight Parameter Mappings section, enter one or more mappings of identity attributes in PingAccess to iovation Transaction Insight Parameters. The attributes are provided to iovation in the specified parameters.
    1. In the Attribute Name field, enter the attribute to use as a source.
    2. In the Transaction Insight Parameter field, enter the iovation Transaction Insight Parameter to use for the specified attribute.
    3. Optional: Click Add Row to add one or more additional mappings.
  13. If additional options need to be configured, click Show Advanced.
    Advanced OptionDescription
    Fraud Check Frequency (ms) The number of milliseconds between iovation fraud checks. The default value is 20000.
    iovation Fraud Check API Endpoint The API endpoint to which iovation fraud check requests are directed. If not specified, a value of /fraud/v1/subs/subscriberId/checks is used, where subscriberId is the value in the Subscriber ID field.
    iovation Failure Mode Specifies whether PingAccess should allow or deny access if the communication with iovation is not completed successfully. The default value is Deny.
    Invalid Blackbox Failure Mode

    Specifies whether PingAccess should allow or deny access if the blackbox device profile is not in a usable state. This situation can occur when the blackbox has not already been collected from a previous exchange processed by this rule or when the collected blackbox has reached the end of its lifetime.

    The default value is Deny, which denies access. A value of Continue performs a risk assessment with no blackbox profile, while a value of Allow allows access.

    iovation Protocol Error Handling

    This section specifies the error parameters to use on a failure if there is a failure to communicate with iovation for the fraud check API request.

    In the Error Response Code field, enter the HTTP response code for the error response.

    In the Error Response Template File field, you can enter the name of a customized error page template if you do not want to use the default error page. Templates are stored in the <PA_HOME>/conf/template/ directory.

    In the Error Response Content Type field, you can specify the content type if you are using a custom error response template file.

    Review Fallback Type Specifies whether PingAccess should allow or deny access if iovation returns a review result from the risk assessment. The default value is Deny.
    Review Deny Handling

    This section specifies the error parameters to use on a failure if the Review Fallback Type is set to Deny.

    In the Error Response Code field, enter the HTTP response code for the error response.

    In the Error Response Template File field, you can enter the name of a customized error page template if you do not want to use the default error page. Templates are stored in the <PA_HOME>/conf/template/ directory.

    In the Error Response Content Type field, you can specify the content type if you are using a custom error response template file.

    Deny Handling

    This section specifies the error parameters to use on a failure if iovation returns a Deny (D) result or when the blackbox is not set and the Invalid Blackbox Failure Mode is set to Deny.

    In the Error Response Code field, enter the HTTP response code for the error response.

    In the Error Response Template File field, you can enter the name of a customized error page template if you do not want to use the default error page. Templates are stored in the <PA_HOME>/conf/template/ directory.

    In the Error Response Content Type field, you can specify the content type if you are using a custom error response template file.

  14. Click Save.