Risk-based Authentication

Risk-based Authentication (RBA) is a new security feature (available as a separate add-on for Hosted Login v2) that protects against fraud and the risks associated with account takeover attacks by forcing users to conduct a secondary authentication to prove their identity if risk signals indicate a threat.

  • An Introduction to Risk-based Authentication. An introduction to Risk-based Authentication and why you might find this new feature useful. Includes information about the new acr_values parameter and the acr amd amr claims.

  • Client Reputation. An RBA module that uses a sophisticated risk-analysis engine to compute a set of “risk scores” for each IP address that tries to access your site. These scores can be used to initiate "step-up" authentication for users deemed to be high-risk (i.e., more likely to engage in web attacks).