Implicit Enrollment
In case of implicit enrollment, you do not need to call CA Risk Authentication’s createUserRequest message explicitly from your application’s code to create a user in CA Risk Authentication database. Instead when CA Risk Authentication generates the ALERT advice for an "unknown user", it automatically calls the function to enroll the user.
aatest
2115408
In case of
implicit enrollment
, you do not need to call CA Risk Authentication’s createUserRequest message explicitly from your application’s code to create a user in CA Risk Authentication database. Instead when CA Risk Authentication generates the ALERT advice for an "unknown user", it automatically calls the function to enroll the user.For this enrollment to work, it is important that you first set the
Mode of User Enrollment
as Implicit
in the Miscellaneous Configurations page of Administration Console.The steps for the implicit enrollment workflow are:
- User logs into your online application.Your system validates if the user exists in your system. If the user name is not valid, then your application must take appropriate action.
- Your application collects information required by CA Risk Authentication.At this stage, your application collects information from the user’s system that will be used by CA Risk Authentication for analyzing risk:
- User system informationthat includes operating system, platform, browser information (such as browser language, HTTP header information), locale, and screen settings. Your application uses CA Risk Authentication's Utility Script called CA Risk Authentication-client.js to collect this information.
- Device informationthat includes Device ID, which is stored on the end user's device.
- Location informationthat includes IP address and Internet Service Provider related information.
- (Optionally, if you are using additional information)Additional Inputsthat are specific to custom rules or the channel selected.
- Your application calls CA Risk Authentication’s evaluateRisk() function.At this stage, your application must call the evaluateRisk() function in riskfortAPI. In this call, you must pass all the user and device information that you collected in the preceding step to CA Risk Authentication.
- CA Risk Authentication performs risk analysis for the user.In this case, because the user is not yet "known" to the CA Risk Authentication system, the default ALERT advice is generated.
- CA Risk Authentication creates the user in database.For an ALERT advice that is generated, CA Risk Authentication uses the createUserRequest message in the ArcotUserRegistrySvc Web service to create the user record in the CA Risk Authentication database. With this, the user is enrolled with CA Risk Authentication.Book:See "Managing Users and Accounts" in theCA Risk Authentication Web Services Developer’s Guidefor detailed information on the createUserRequest message.
- Your application calls CA Risk Authentication’s evaluateRisk() function again.At this stage, your application must again call the evaluateRisk() function in riskfortAPI. In this call, you must ensure that you pass all the user and device information that you collected in Step 2 to CA Risk Authentication.
- CA Risk Authentication performs risk analysis for the user.In this case, CA Risk Authentication executes the rules and generates the risk score and the advice.
- Your application stores the Device ID on the end user’s system.After the user has been created, your application must store the Device ID returned by evaluateRisk() as a cookie on the device that user is using for the current transaction.The following figure illustrates the implicit enrollment workflow when CA Risk Authentication automatically creates the user.
