Update values for deviceFPExpiryMaxBindingLife and deviceFPExpiryInactivityTime in Device Recognition Risk rule
search cancel

Update values for deviceFPExpiryMaxBindingLife and deviceFPExpiryInactivityTime in Device Recognition Risk rule

book

Article ID: 406491

calendar_today

Updated On:

Products

Symantec Identity Security Platform - IDSP (formerly VIP Authentication Hub)

Issue/Introduction

This Knowledge base article describes how you can update the values for the deviceFPExpiryMaxBindingLife and deviceFPExpiryInactivityTime in Device Recognition Risk rule.

Environment

VIP Authentication Hub

Release: All

Resolution

When a user logs in using a device for the first time, the device recognition rule treats the user transaction as risky as the device is not registered and creates a device tag for it. However, if the user logs in for a subsequent time using the same device, then this device signature has a device tag associated with this user from the user's initial transaction. This device is then treated as a registered device, and the risk score that is calculated is much lesser.

Settings Name
 
deviceFPExpiryMaxBindingLife
Indicates the max allowed days for user to device Tag binding. This is tied to the last created time. You can get the risk reason as -  "DEVICE_EXPIRED_MAX_LIFE"
90
0 - 365
deviceFPExpiryInactivityTime
Indicates the max number of days after which an inactive Fingerprint (FP) is deleted. This is tied to the last access time. You can get the risk reason as - "DEVICE_EXPIRED_NO_AUTH"
360
0 - 365
Description
Default Value
Possible Value
 
 
 
 

Below steps describe the procedure to update the values:

  • Obtain the Access Token using the Postman collection under Tenant Admin Operations
  • Call the API https://{{sspHost}}/{{apiPathTenant}}/iarisk/v1/RiskRules to get all the rules and their configured values.
  • Use the PUT method and in request get all the values received from the above GET call and then update the respective values.
Powered by Wolken Software