Reverse Lookup definition and usage in Risk Authentication

Article ID: 105807


Products

CA Advanced Authentication; CA Risk Authentication; CA Advanced Authentication - Risk Authentication (RiskMinder / RiskFort)

Issue/Introduction

What is the "Reverse Lookup" in CA Risk Authentication and how does it work?

Environment

CA Risk Authentication (RiskMinder)

Resolution

Reverse Lookup is a feature of the Risk server that can be enabled to mitigate step-ups caused by a missing DeviceID. Common reasons for a missing DeviceID are:

1. The user chooses the private browsing option.
2. The user deletes browser cookies on exit. The DeviceID is an HTTP cookie, so it is deleted whenever cookies are deleted from the browser.

These are the primary reasons a DeviceID does not arrive in the request. To mitigate the step-ups this causes, the Risk server has a feature called Reverse Lookup. If it is set to “Yes”, RiskMinder (a.k.a. Risk Authentication) will, in the absence of a DeviceID, postulate that the user may have deleted browser cookies and attempt to derive the DeviceID by comparing the current fingerprint to the historical record for this particular end user. If the incoming MFP matches a stored MFP above the threshold, the DeviceID for that stored MFP is returned for the user. It is important that the USERDEVICEASSOCIATED rule is enabled; otherwise you may get some random DeviceID and not the one with which the user created an association in the past.
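The lookup described above, sketched as an added example; this is not CA Risk Authentication code. The attribute-equality similarity score, the sample attributes and DeviceIDs, and the `user_associated_only` switch (a model of the USERDEVICEASSOCIATED caveat) are all assumptions made for illustration.

```python
# Added illustration, not CA Risk Authentication code. The attribute-equality
# score is an assumed stand-in for the product's real MFP comparison.
from typing import Optional

THRESHOLD = 0.80  # out-of-the-box Reverse Lookup threshold from the article

def mfp(ua, platform, screen, tz, lang, plugins):
    return {"ua": ua, "platform": platform, "screen": screen,
            "tz": tz, "lang": lang, "plugins": plugins}

# Constructed history rows: (user, DeviceID, stored MFP)
HISTORY = [
    ("alice", "DEV-A1", mfp("Firefox/115", "Win32", "1920x1080", "UTC-5", "en-US", "pdf")),
    ("alice", "DEV-A2", mfp("Safari/17", "MacIntel", "2560x1600", "UTC-5", "en-US", "none")),
    ("bob",   "DEV-B1", mfp("Firefox/116", "Win32", "1920x1080", "UTC-5", "en-US", "pdf")),
]

def mfp_similarity(a: dict, b: dict) -> float:
    """Fraction of attributes with identical values (assumed metric)."""
    keys = set(a) | set(b)
    return sum(a.get(k) == b.get(k) for k in keys) / len(keys) if keys else 0.0

def reverse_lookup(user, incoming, history=HISTORY, threshold=THRESHOLD,
                   user_associated_only=True) -> Optional[str]:
    """Return the best-matching stored DeviceID at or above threshold, else None."""
    best_id, best_score = None, 0.0
    for owner, device_id, stored in history:
        if user_associated_only and owner != user:
            continue  # consider only devices this user has an association with
        score = mfp_similarity(incoming, stored)
        if score >= threshold and score > best_score:
            best_id, best_score = device_id, score
    return best_id

# Constructed request: alice cleared cookies (no DeviceID) after a browser update.
INCOMING = mfp("Firefox/116", "Win32", "1920x1080", "UTC-5", "en-US", "pdf")
# A different machine: only 4 of 6 attributes match DEV-A1, below the threshold.
OTHER = mfp("Chrome/120", "Win32", "1366x768", "UTC-5", "en-US", "pdf")

if __name__ == "__main__":
    print(reverse_lookup("alice", INCOMING))                              # alice's own device
    print(reverse_lookup("alice", INCOMING, user_associated_only=False))  # another user's device
    print(reverse_lookup("alice", OTHER))                                 # no match, step-up applies
```

With the user restriction switched off, the closest fingerprint belongs to another user's device, which is the "random DeviceID" outcome the article warns about.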

Where to find this configuration --

1. Log in to the admin console with Global Admin privileges and go to Organization -> Search Org -> click on the org on which it has to be enabled.
2. Go to risk configuration and, on the left side, look for Miscellaneous configuration. Enable the check box Enable reverse Lookup for Device Identification and set it to Yes.
3. Migrate to production and do a server cache refresh.

Where to Change the Threshold --

Out of the box (OOTB), the threshold is set to an 80% MFP match, and Reverse Lookup triggers only when that is met. This is a good value to have, but if for any reason the value needs to be changed, it can be done by following the steps below:

1. Log in to the admin console with Global Admin privileges and go to Organization -> Search Org -> click on the org on which it has to be enabled.
2. Go to risk configuration and, on the left side, look for the Rules and Scoring Management link.
3. Choose the rule set, look for the Device MFP Not Match rule, and click on that rule.
4. Modify the Reverse Lookup Threshold to the desired value, click Update, and then click Update at the bottom of the page.
5. Save the configuration, then migrate to production and refresh the server cache.