Is it required to call Post Evaluate all the time after Evaluate Risk(even if evaluateRisk advice is ALLOW)?
CA Risk Authentication (any release)
At the final stage of Risk Authentication workflow, client application must call the Post Evaluate Risk API for any evaluateRisk advice(ALLOW,INCREASEAUTH,ALERT,DENY). Based on the output generated by the Evaluate Risk API call, this call helps CA Risk Authentication generate the final advice and update the device and association information.
During postEvaluate call, CA Risk Authentication updates the device and association information. If any change is detected in the incoming data(e.g. MFP,deviceid), CA Risk Authentication updates the data and association information in the CA Risk Authentication database:
- In the case of ALLOW, the user-device association information is updated.
- In the case of ALERT and DENY, the user-device association information is not updated at all.
- In the case of INCREASEAUTH, the user-device association information is updated, but the user association information is created only if the result of the additional(Secondary) authentication was successful.
In postEvaluate call, you must pass the risk score and advice from the evaluateRisk call, the result of secondary authentication (if the advice in the previous step was INCREASEAUTH), and any association name, if the user specified one.
Please refer to Post-Login Risk Evaluation Workflow for related information.