Pre-Login Risk Evaluation Workflow

When a user accesses your online application, you can assess them for potential risk even before they log in by implementing this workflow. This workflow will only use inputs related to device identification and location information (such as IP address, Device ID, and DeviceDNA) and rules that do not require user-specific information as the criterion for risk evaluation.
aa813test
2115264
When a user accesses your online application, you can assess them for potential risk even before they log in by implementing this workflow. This workflow will only use inputs related to device identification and location information (such as IP address, Device ID, and DeviceDNA) and rules that do not require user-specific information as the criterion for risk evaluation.
If you call CA Risk Authentication’s risk analysis capability even before a user logs in to your online application, then the risk evaluation workflow is as follows:
  1. User accesses your online application.
    When a user accesses your online application, you can assess them for potential risk even before they log in.
  2. Your application collects information required by CA Risk Authentication.
    At this stage, your application collects information from the user’s system that will be used by CA Risk Authentication for analyzing risk:
    • User system information
      that includes operating system, platform, browser information (such as browser language, HTTP header information), locale, and screen settings. Your application uses CA Risk Authentication's Utility Script called CA Risk Authentication-client.js to collect this information.
    • Device information
      that includes Device ID, which is stored on the end user's device.
    • Location information
      that includes IP address and Internet Service Provider related information.
    • (
      Optionally, if you are using additional information
      )
      Additional Inputs
      that are specific to custom rules or the channel selected.
  3. Your application calls CA Risk Authentication’s evaluateRisk() function.
    At this stage, your application must call the evaluateRisk() function in riskfortAPI. In this call, you must pass the information that you collected in the preceding step to CA Risk Authentication.
  4. CA Risk Authentication performs risk analysis for the user.
    CA Risk Authentication generates the appropriate risk score and advice based on the passed user inputs and configured rules.
  5. Your application validates the user.
    Based on CA Risk Authentication’s recommendation, your application can allow the user to proceed with the login process or can deny access to your system.
    The following figure illustrates the Pre-login risk evaluation workflow.
    Pre-login risk evaluation workflow.png