Current Access Manager Risk Based Authentication ( RBA ) mitigates risk of a login based on geo location of the user. For example if a user logs in from a known location A, one could configure to ask for X509 authentication instead of simple form based authentication. Another example, if a user logs in from an unknown location, one could configure to request for an OTP or DENY the request to mitigate this risk.
Let us say a user tries to log in from two different countries within a short time. This may not be valid considering the travel time, unless there is a valid reason from the user for sharing the credentials. For example, user A logs in from Germany at 10AM and triggers another login from US at 11AM. Such scenarios can be detected and mitigated by this cool solution.
This solution checks the user's last login time and the country against the current. Last login details are picked from the historical database. Here are the steps to configure this solution