CA Rapid App Security, CA Advanced Authentication, CA API Gateway
What is "Reverse Lookup" and how does it work?
Reverse Lookup is a feature of the Risk server that can be enabled to mitigate step-ups caused by the DeviceID being absent from the request. Some reasons the DeviceID may not be present are:
1. The user chooses the private browsing option.
2. The user deletes browser cookies on exit. The DeviceID is an HTTP cookie and is deleted when cookies are deleted from the browser.
These are the primary reasons the DeviceID does not arrive in the request. To mitigate the step-ups caused by this behavior, the Risk server has a feature called Reverse Lookup. If it is set to "Yes", then RiskMinder will, in the absence of a DeviceID, postulate that the user may have deleted browser cookies and attempt to derive the DeviceID by comparing the current fingerprint to the historical record for this particular end user. If the incoming MFP matches a stored MFP above the threshold, the DeviceID stored with that MFP is returned for the user.
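The lookup described above, sketched as an added example; this is not RiskMinder's own code. The attribute names, the sample history and the attribute-overlap score are assumptions standing in for the product's MFP matching, and the 80% value is the out-of-the-box threshold mentioned on this page.

```python
# Added illustration, not product code. The scoring method is an assumption.
from typing import Optional

THRESHOLD = 80.0  # percent; out-of-the-box Reverse Lookup Threshold per this page

# Constructed sample history: user -> {DeviceID: stored MFP attributes}
HISTORY = {
    "alice": {
        "dev-A1": {"ua": "Firefox/115", "os": "Windows 10", "screen": "1920x1080",
                   "tz": "-300", "lang": "en-US", "fonts": "hash-1"},
        "dev-B2": {"ua": "Safari/16", "os": "macOS 13", "screen": "2560x1600",
                   "tz": "-300", "lang": "en-US", "fonts": "hash-2"},
    },
}


def match_percent(incoming: dict, stored: dict) -> float:
    """Percentage of attributes (over the union of keys) with equal values."""
    keys = set(incoming) | set(stored)
    if not keys:
        return 0.0
    same = sum(1 for k in keys
               if k in incoming and k in stored and incoming[k] == stored[k])
    return 100.0 * same / len(keys)


def resolve_device_id(user: str, cookie_device_id: Optional[str],
                      incoming_mfp: dict, history: dict = HISTORY,
                      threshold: float = THRESHOLD,
                      enabled: bool = True) -> Optional[str]:
    """Return the DeviceID to evaluate, or None (device unknown, step-up likely)."""
    if cookie_device_id:          # cookie present: no reverse lookup needed
        return cookie_device_id
    if not enabled:               # feature set to "No"
        return None
    best_id, best_score = None, 0.0
    # Only this end user's own historical devices are candidates.
    for device_id, stored_mfp in history.get(user, {}).items():
        score = match_percent(incoming_mfp, stored_mfp)
        if score > best_score:
            best_id, best_score = device_id, score
    # Treating a score equal to the threshold as a match is an assumption.
    return best_id if best_score >= threshold else None
```

Because candidates come only from the requesting user's history, an identical fingerprint presented under a different user name resolves to no DeviceID.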
Where to find this configuration --
1. Log in to the admin console with Global Admin privileges and go to Organization -> Search Org -> click on the org on which it has to be enabled.
2. Go to risk configuration, look for Miscellaneous configuration on the left side, enable the check box Enable reverse Lookup for Device Identification and set it to Yes.
3. Migrate to production and refresh the server cache.
Where to Change the Threshold --
Out of the box (OOTB), the threshold is set to an 80% MFP match, and Reverse Lookup triggers only when that match is reached. This is a good value to have, but if for any reason the value needs to be changed, it can be done by following the steps below:
1. Log in to the admin console with Global Admin privileges and go to Organization -> Search Org -> click on the org on which it has to be enabled.
2. Go to risk configuration and look for the Rules and Scoring Management link on the left side.
3. Choose the Rule set, look for the Device MFP Not Match rule and click on that rule.
4. Modify the Reverse Lookup Threshold to the desired value, click on update, and then click on the update at the bottom of the page.
5. Save the configurations, then Migrate to Production and refresh the server cache.