Skip to main content

Condition for Adaptive authentication

Introduction

When the authentication is being defined, Soffid allows you to add some adaptive authentications in addition to the Authentication methods. Those adaptive authentications will be evaluated, and when the result of the condition will be true, the rule will be enabled.

Screen overview

Standard attributes

Description

Description to identify the rule

Condition

Allows you to write a script validation, with result true or false. To develop the script you can use some vars defined to that:

There are some available vars to create the condition:

  • dayOfWeek
  • daysSinceLastLogon
  • daysSinceLastLogonFromSameHost
  • failuresForSameIp
  • failuresForSameUser
  • failuresRatio
  • hour

  • identityProvider

  • ipAddress
  • minute
  • newDevice
  • sameCountry
  • serviceProvider
  • sourceCountry
  • user

Matrix

To define the authentication methods that will be required to successfully authenticate the user. Each row indicates the first authentication method, and each column indicates the second factor to use.

Examples

Rule 1
failuresRatio > 0.8
Rule 2
(daysSinceLastLogon > 10) && (ipAddress.startsWith("192.168.")
Rule 3
((dayOfWeek == 7) || (dayOfWeek == 1)) && (user.equals("USER_NAME")
Rule 4
"ES".equals(sourceCountry) || ipAddress.startsWith("192.168.")
Back to top