Use Case:
Data Loss Prevention Initiated MFA Using Profile Attributes

Data Loss Prevention (DLP) applications integrate with Access Management applications to enforce multi-factor authentication (MFA). Enforcement takes place during a DLP detection event and is based on the title of the end user’s identity.

Scenario

A Data Loss Prevention (DLP) application initiates an MFA challenge based on the end user’s title.

Actions

Success Criteria

  1. The end user is presented with an MFA challenge as appropriate.

IDSA Security Controls

Risk-based Authentication

Authentication based on risk posture derived from at least one risk engine (Cloud Access Security Broker, Fraud & Risk, UEBA, SIEM).

Profile-based Data Security

Data access based on an identity profile attribute.