Keng Valued Contributor.

Risk-based Policy for SAML Apps

Hi All,

I am trying to set up Risk-based Authentication with a Device Fingerprint rule (30-day expiry) defined. The AM is integrated with AAF to provide step up authentication.

User will be prompted every 30 days for step up authentication when the device fingerprint is expired.

Now I would like such risk-based authentication applied to the SAML Apps, but going through all the rules I don't know what rules to use to identify these SAML Apps.

Does anyone have any examples of Risk Rules for SAML Apps like SAP, Office365, etc.?

Thanks,
Keng
ScorpionSting Absent Member.

Re: Risk-based Policy for SAML Apps

ktlow;2500605 wrote:
> Hi All,
>
> I am trying to set up Risk-based Authentication with a Device Fingerprint rule (30-day expiry) defined. The AM is integrated with AAF to provide step up authentication.
>
> User will be prompted every 30 days for step up authentication when the device fingerprint is expired.
>
> Now I would like such risk-based authentication applied to the SAML Apps, but going through all the rules I don't know what rules to use to identify these SAML Apps.
>
> Does anyone have any examples of Risk Rules for SAML Apps like SAP, Office365, etc.?
>
> Thanks,
> Keng


In the IDP config, you can specify which contract the SAML will use for the SP... Risk Class/Method => +Contract => Assign SAML

Knowledge Partner

Re: Risk-based Policy for SAML Apps

On 06-06-2019 11:06 AM, ktlow wrote:
>
> Hi All,
>
> I am trying to set up Risk-based Authentication with a Device
> Fingerprint rule (30-day expiry) defined. The AM is integrated with
> AAF to provide step up authentication.
>
> User will be prompted every 30 days for step up authentication when
> the device fingerprint is expired.
>
> Now I would like such risk-based authentication applied to the SAML
> Apps, but going through all the rules I don't know what rules to
> use to identify these SAML Apps.
>
> Does anyone have any examples of Risk Rules for SAML Apps like SAP,
> Office365, etc.?
>
> Thanks,
> Keng
>
>


Risk rules depend entirely on what your organisation finds important and how to determine risk. You define these rules, which you then use in a policy. This policy is used by a (pre)authentication class in NAM. The class is then used by a method, and the method is used by a contract which, as per ScorpionSting's response, you associate with the SP.

--
Cheers,
Edward
Keng Valued Contributor.

Re: Risk-based Policy for SAML Apps

Thanks ScorpionSting and Edward for the heads up.

I set the contract at Step-up Authentication Contract under Options in SAML Configuration and it was working accordingly.

I got caught by the word Step-up. :rolleyes: