After disabling the Remembered Device option, users are directly logged in and Radius Validation Server logs show the authentication was successful.
This behavior is observed when Intelligent Authentication (IA) is enabled at the VIP manager account level:
IA uses three risk engines: A rules Engine, a Behavior (learning) engine, and a Device engine.
Rules Engine: Match against various configurations and data feeds to determine if a transaction is risky (e.g. a list of risky IPs or risky countries).
Behavior Engine: Match against past transactions for a user to determine if that user's behavior is unusual (e.g. new user, the user logging in with elements of their user agent string, browser version, unusual travel patterns, etc). Initially, when unusual behavior is triggered, the transaction is flagged as risky and the end-user is challenged for MFA. However, over time, similar repetitive behavior creates a pattern that lowers the risk score for that user. Bbecause they passed MFA prompts successfully, that behavior is no longer flagged as risky.
Summary: The VIP IA system collates the risk evaluations of each risk engine. If the risk contribution of each engine results in a risk score below the risk threshold configured in VIP Manager IA settings, the transaction is treated as non-risky.
If VIP APIs are integrated into your application, you can evaluate the IA result and decide how to handle the risk level. (for example, MFA step-up auth, a request to call a call center for verification, etc).
VIP Intelligent Authentication is a VIP Authentication method. If an IA authentication passes successfully without a risky result, this is considered a secure attempt, and no additional authentication from the user is required.