Overview of the Intelligent Adaptive Authentication integration
With Intelligent Adaptive Authentication you can integrate user registration, authenticator activation, and flows with remote authentication performed by a trusted device. Such a trusted device is a mobile application with an integration of the OneSpan Mobile Security Suite Orchestration SDK.
Preparing the integration of Intelligent Adaptive Authentication
Integration of Intelligent Adaptive Authentication with OneSpan Mobile Security Suite Orchestration SDK
To prepare the integration of Intelligent Adaptive Authentication into your solution, proceed with the following steps:
- Download the WebApp Sample Code.
- Read the Orchestration SDK Integration Guide at Mobile Security Suite > Guides > Integration Guides.
- Download the relevant Orchestration SDK binary for Android and iOS, including the mobile application sample.
- Read the Risk Analytics Client Device Data Collector SDK
The OneSpan Client Device Data Collector (CDDC) SDK provides facilities to aggregate information from various mobile sources for risk evaluation of mobile transactions by OneSpan Risk Analytics. It interacts with other (required) components of your mobile solution and helps you to enhance the security of your mobile applications. Integration Guide and download the CDDC Integration Sample Code.
Integration steps
To integrate Intelligent Adaptive Authentication step-by-step
- Integrate the OneSpan CDDC JavaScript
OneSpan CDDC JavaScript helps you to collect the required information of the initiated client device: browser, operating system, and general computer information. With this JavaScript you can include fingerprint data and hash values, that must be retrieved by your application server and provided to the Intelligent Adaptive Authentication APIs, into your web forms. into the login page of your web application.
- Implement the Intelligent Adaptive Authentication user registration in your web application to start the authenticator provisioning
handled by the Orchestration SDK . - Register your application for notification in the OneSpan Community Portal and integrate the Orchestration SDK in your mobile application.
-
Implement Intelligent Adaptive Authentication login and transaction in your web application to support intelligent adaptive authentication.
When implementing Intelligent Adaptive Authentication, ensure to select the correct endpoints and request body values from the OneSpan Trusted Identity platform API
Provides the endpoints that are required for the successful completion of the operations.:
-
For login operations with Intelligent Adaptive Authentication, select AdaptiveLoginInput as the object type from the drop-down list of the POST /users/{userID@domain}/login endpoint. -
For transaction operations, select AdaptiveTransactionValidationInput as the object type from the drop-down list of the POST /users/{userID@domain}/transactions/validate endpoint.
-
Changing Risk Management component rules
When you have set up your sandbox environment and integrated all necessary components, you can log on to the Risk Management component The Risk Management component is a highly versatile, reliable, and scalable fraud management system used for monitoring online banking applications and payment processing across multiple channels; it helps to protect against anti-money-laundering (AML), online banking fraud, and to comply with regulations. and browse to the default rules
Rules are used to define sets of criteria to verify if an event (transaction and non-monetary event) matches any fraudulent behavior. If an event matches a previously defined rule, an alert can be raised. provided for Intelligent Adaptive Authentication.
By defining rules and rule criteria in the Risk Management component you centrally define criteria to analyze risks and set the appropriate action you want to perform (reject a login, challenge the user with biometric authentication etc.). To access the Adaptive Authentication rules, in the Risk Management component navigate to DESIGN RULES & ACTIONS > Rule Management > Rules and configure the rules as required.
For a detailed description of rules in the Risk Management component and how to change them, refer to the Risk Analytics Admin Guides.