User Risk Policies
A user risk policy is a set of rules based on the Identity's activities (last authentication date, last location city, etc.) that is applied to the Environment risk score.
The system checks this policy after the Environment risk policy and before the Authentication risk policy.
A tenant can have several user risk policies. If an identity matches several user risk policies, the system can apply all of them.
Each user risk policy can include one or more rules. When you write these rules, consider the following Groovy context variables:
The assessment of each rule of the user risk policies increases or reduces the existing risk score.
Configuration
🎯 To access the User Risk Policies, click:
Access Risk -> User Risk Policies
System -> Configurations -> Access Risk Service and import or export a file.
Property | Type | Mandatory | Description |
---|---|---|---|
id | | MANDATORY | The unique id of the configuration item. |
name | | MANDATORY | The name of the configuration item. |
description | | OPTIONAL | The description of the configuration item and its context. |
matchingCondition | | OPTIONAL | Enter a If there is no To know more, see RBA Rule definition. |
riskRules | List of riskRule | OPTIONAL | The definition of the risk rules to apply. Define the criteria of each rule inside a |
riskRule
Property Name | Type | Mandatory | Description |
---|---|---|---|
name | | MANDATORY | The name of the rule. The system returns this value in the RBA output if the rule matched. |
enabled | | OPTIONAL | Default value: true |
riskCorrection | | MANDATORY | The risk correction to apply if Enter a: Default value: 0. |
matchingCondition | | MANDATORY | Enter a If there is no To know more, see RBA Rule definition. |
Example
<kit:DataSet xmlns:kit="http://www.memority.com/toolkit/1_0" xmlns:riskrba="http://www.memority.com/risk/rba/1_0" xmlns:rule="http://www.memority.com/toolkit/rule/1_0" xmlns:ruleaddon="http://www.memority.com/toolkit/addons/rule/1_0" xmlns:search="http://www.memority.com/toolkit/search-expression/1_0" xmlns:settings="http://www.memority.com/toolkit/addons/settings/1_0" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" tenant="danube">
  <riskrba:UserRiskPolicy id="common-userRiskPolicy">
    <name>Common User Risk Policy</name>
    <description>Common user risk policy for all users.</description>
    <riskRules>
      <riskRule>
        <enabled>true</enabled>
        <matchingCondition>
          <script><![CDATA[
            // User authenticated within the last 24 hours
            LOG.debug("USER-RR-AUTH-1 - DYN.user.lastAuthenticationDate {}", DYN.user.lastAuthenticationDate)
            DYN.user.lastAuthenticationDate.isAfter(Instant.now().minus(24, ChronoUnit.HOURS))]]></script>
        </matchingCondition>
        <name>USER-RR-AUTH-1</name>
        <riskCorrection>-5</riskCorrection>
      </riskRule>
      <riskRule>
        <enabled>true</enabled>
        <matchingCondition>
          <script><![CDATA[
            // Assess whether the user authenticates during the night (22:00 to 06:00 local time)
            LocalTime lt = DYN.location.localTime
            LOG.debug("USER-RR-MOM-1 - DYN.location.localTime - {}", DYN.location.localTime)
            LOG.debug("USER-RR-MOM-1 - LocalTime.of(22, 0) - {}", LocalTime.of(22, 0))
            LOG.debug("USER-RR-MOM-1 - lt.isAfter(LocalTime.of(22, 0)) - {}", lt.isAfter(LocalTime.of(22, 0)))
            lt.isAfter(LocalTime.of(22, 0)) || lt.isBefore(LocalTime.of(6, 0))]]></script>
        </matchingCondition>
        <name>USER-RR-MOM-1</name>
        <riskCorrection>20</riskCorrection>
      </riskRule>
      <riskRule>
        <enabled>true</enabled>
        <matchingCondition>
          <script><![CDATA[
            // User authenticated too far from the last authentication location, too fast to be plausible
            LOG.debug("USER-RR-LOC-2 - DYN.user.lastLocationDistance {}", DYN.user.lastLocationDistance > 100)
            LOG.debug("USER-RR-LOC-2 - DYN.user.lastLocationVelocity {}", DYN.user.lastLocationVelocity > 10)
            DYN.user.lastLocationDistance > 100 && DYN.user.lastLocationVelocity > 10]]></script>
        </matchingCondition>
        <name>USER-RR-LOC-2</name>
        <riskCorrection>50</riskCorrection>
      </riskRule>
    </riskRules>
    <matchingCondition>
      <script><![CDATA[return true]]></script>
    </matchingCondition>
  </riskrba:UserRiskPolicy>
</kit:DataSet>
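As an added example (not Memority's code), a small Python linter for the DataSet format above: it parses the UserRiskPolicy elements with the page's namespaces, applies the documented default for enabled, flags rules missing the mandatory riskCorrection or matchingCondition, and reports the net correction range the enabled rules can reach, which is what a reviewer wants when checking how far a user risk policy can lower the Environment score. The sample document is a constructed, trimmed copy of the example; summing the corrections is an assumption the page implies but does not state.

```python
import xml.etree.ElementTree as ET
# Namespace prefixes of the kit:DataSet format shown on this page.
NS = {"kit": "http://www.memority.com/toolkit/1_0", "riskrba": "http://www.memority.com/risk/rba/1_0"}
# Constructed sample: trimmed copy of the page's example; one rule disabled, one lacks riskCorrection.
SAMPLE = """<kit:DataSet xmlns:kit="http://www.memority.com/toolkit/1_0"
  xmlns:riskrba="http://www.memority.com/risk/rba/1_0" tenant="danube">
  <riskrba:UserRiskPolicy id="common-userRiskPolicy">
    <name>Common User Risk Policy</name>
    <riskRules>
      <riskRule><name>USER-RR-AUTH-1</name><riskCorrection>-5</riskCorrection>
        <matchingCondition><script>true</script></matchingCondition></riskRule>
      <riskRule><enabled>false</enabled><name>USER-RR-MOM-1</name><riskCorrection>20</riskCorrection>
        <matchingCondition><script>true</script></matchingCondition></riskRule>
      <riskRule><name>USER-RR-LOC-2</name>
        <matchingCondition><script>true</script></matchingCondition></riskRule>
    </riskRules>
  </riskrba:UserRiskPolicy>
</kit:DataSet>"""

def load_policies(xml_text):
    """Parse each UserRiskPolicy; its riskRule children carry no namespace prefix."""
    policies = []
    for pol in ET.fromstring(xml_text).findall("riskrba:UserRiskPolicy", NS):
        rules = []
        for rr in pol.findall("./riskRules/riskRule"):
            corr = rr.findtext("riskCorrection")
            rules.append({
                "name": rr.findtext("name"),
                # Documented default when <enabled> is absent: true.
                "enabled": rr.findtext("enabled", "true").strip().lower() == "true",
                "riskCorrection": int(corr) if corr is not None else None,
                "hasCondition": rr.find("matchingCondition/script") is not None,
            })
        policies.append({"id": pol.get("id"), "rules": rules})
    return policies

def lint_policy(policy):
    """Report missing mandatory rule properties and the (min, max) net correction of the
    enabled rules. Summing is an assumption: the page does not name the operator used."""
    problems, lo, hi = [], 0, 0
    for r in policy["rules"]:
        if r["riskCorrection"] is None:
            problems.append(f"{r['name']}: missing mandatory riskCorrection")
        if not r["hasCondition"]:
            problems.append(f"{r['name']}: missing mandatory matchingCondition")
        if r["enabled"] and r["riskCorrection"] is not None:
            lo += min(r["riskCorrection"], 0)  # reductions can undercut a step-up threshold
            hi += max(r["riskCorrection"], 0)
    return problems, (lo, hi)
```

Running it on the page's full example (all three rules enabled) gives a range of (-5, 70), so the policy can lower the Environment score by at most 5 points while raising it by up to 70.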