Use Case - Access Management Utilization of Risk Data
Recommended Implementation Details
Scenario Access Management utilizes risk data in the authentication process
Description Access Management has integration with Fraud and Risk system. This integration allows access management to determine the authentication flow based on a risk profile. If zero to small risk, let the user authenticate seamlessly, if larger risk make the authentication process more secure (MFA, potentially fail authentication all together).
IDSA Security Controls
Actions
Success Criteria
  1. End user is able to access the Access Management portal and the desired protected application when appropriate 
  2. If the end user is found to have a risk status as defined above they are additionally challenged or rejected as appropriate based on their risk level