Trust but Verify: Adaptive Risk Authentication

Security threats are constantly evolving. People are always on the go, carrying multiple devices and multi-tasking more than ever. To keep up, you need an identity management solution that can respond to unusual activity with advanced, proactive protections. This is adaptive risk authentication.

ForgeRock Access Management continuously assesses the authenticity of users, devices, things, and services. Through our own adaptive risk engine, contextual information is used to determine the risk of users attempting access. If the user is deemed suspicious, a higher level of authentication or identity-proofing such as a one-time password is requested. It’s that simple.

You’ll get and give peace of mind knowing you can accurately authenticate the user’s identity. If your users log in from a new or unrecognized device, ForgeRock has you covered. Risks change every day. Adaptive risk helps you stay ahead of threats without disrupting your user experience.

Need help planning your identity and access management project?

Secure Access for Applications, Devices and Things

WHITE PAPER
slide07-adaptive-risk

Use contextual information about the connection to determine the risk of a request.

Adaptive Risk Enables You To:

  • Assess risk, requiring stronger authentication mechanisms only when necessary to simplify user experiences while maintaining the security of the system.
  • Enable administrators to integrate and dynamically call third-party services, including FireEye Threat Analytics Platform, LexisNexis, Experian, Equifax, and Guardian Analytics, for identity profiling.
  • Establish greater knowledge about who the user is and the context of their login request, by evaluating each attempted login in real-time and generating a risk score, based on parameters including user location, time zone, device, IP address, time of day, and account idle time.

Technical Resources

Get the technical details on the ForgeRock Access Management offering: