Skip to main content

Condition for Adaptive authentication

Introduction

When the authentication is being defined, Soffid allows you to add some adaptive authentications in addition to the Authentication methods. Those adaptive authentications will be evaluated, and when the result of the condition will be true, the rule will be enabled.

Screen overview

Standard attributes

Description

Description to identify the rule

Condition

Allows you to write a script validation, with result true or false. To develop the script you can use some vars defined to that:

There are some available vars to create the condition:

&&TODO&&Revisar las definiciones de los datos

  • dayOfWeek: number of the day of the week (1-7).
  • daysSinceLastLogon: number of days (integer).
  • daysSinceLastLogonFromSameHost: number of days (integer).
  • failuresForSameIp: integer value to determine the number of failures.
  • failuresForSameUser: integer value to determine the number of failures.
  • failuresRatio: value between 0 and 1.
  • hour: integer value between 0 and 23.
  • identityProvider: string value with the name of the identity provider.

  • ipAddress: string with the IP address.
  • minute: integer value between 0 and 59
  • newDevice: boolean value (true or false)
  • sameCountry: boolean value (true or false)
  • serviceProvider: string value with the name of the service provider.
  • sourceCountry: sting value to identify the country.
  • user: string value with the name of a user.

Matrix

To define the authentication methods that will be required to successfully authenticate the user. Each row indicates the first authentication method, and each column indicates the second factor to use.

Actions

Apply changes

Allows you to save the data of a new adaptive authentication or to update the data of the previously created adaptive authentucation.

Add

Allows you to add a new adaptive authentication. When you click the add button (+) Soffid will display new fields to fill in. For each adaptive authentication you must fulfill the description, the condition to evaluate and the matrix which will be enable when the condition will be true.

Then you must click on the "Apply changes" button to save the data.

Delete

Allows you to remove one by one the adaptive authentication defined. You must click on the trash icon the account of the proper rule. Then you must click the "Apply changes" button to save the data.

Up

Allows you to browse up the defined adaptive authentication.

Down

Allows you to browse down the defined adaptive authentication.

Examples

Rule 1
failuresRatio > 0.8
Rule 2
(daysSinceLastLogon > 10) && (ipAddress.startsWith("192.168.")
Rule 3
((dayOfWeek == 7) || (dayOfWeek == 1)) && (user.equals("<USER_NAME>")
Rule 4
"ES".equals(sourceCountry) || ipAddress.startsWith("192.168.")