Is it required to call Post Evaluate all the time after Evaluate Risk?
search cancel

Is it required to call Post Evaluate all the time after Evaluate Risk?

book

Article ID: 38114

calendar_today

Updated On:

Products

CA Advanced Authentication CA Risk Authentication CA Advanced Authentication - Risk Authentication (RiskMinder / RiskFort)

Issue/Introduction

Is it required to call Post Evaluate all the time after Evaluate Risk(even if evaluateRisk advice is ALLOW)? 

Environment

CA Risk Authentication

Advanced Authentication

Resolution

At the final stage of Risk Authentication workflow, client application must call the Post Evaluate Risk API for any evaluateRisk advice(ALLOW,INCREASEAUTH,ALERT,DENY). Based on the output generated by the Evaluate Risk API call, this call helps CA Risk Authentication generate the final advice and update the device and association information. 

During postEvaluate call, CA Risk Authentication updates the device and association information. If any change is detected in the incoming data(e.g. MFP,deviceid), CA Risk Authentication updates the data and association information in the CA Risk Authentication database: 

- In the case of ALLOW, the user-device association information is updated. 

- In the case of ALERT and DENY, the user-device association information is not updated at all. 

- In the case of INCREASEAUTH, the user-device association information is updated, but the user association information is created only if the result of the additional(Secondary) authentication was successful. 

In postEvaluate call, you must pass the risk score and advice from the evaluateRisk call, the result of secondary authentication (if the advice in the previous step was INCREASEAUTH), and any association name, if the user specified one.

Additional Information

Please refer to Post-Login Risk Evaluation Workflow for related information.