Security Control - Multiple Authentication Session Device Management
Description - Detection of multiple authentication sessions from different mobile devices

Components and Required Capabilities

Access Management

  • Must have the ability to determine whether the user has another session
  • Must have the ability to provide MFA in response to a user anomaly
  • Must have the ability to send data to Fraud & Risk based on multiple sessions
  • Must have the ability to query EMM for device status

Enterprise Mobility Management (EMM)

  • Must have the ability to provide managed device status
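
One way the capabilities listed above could fit together, as an added example that is not part of the original control description: a session from a second, different device is reported to Fraud & Risk together with EMM device status and triggers step-up MFA. The `AccessManager` class, the `emm_lookup` callable, the in-memory session store and the device names are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable

class Decision(Enum):
    ALLOW = "allow"
    STEP_UP_MFA = "step_up_mfa"

@dataclass
class AccessManager:
    emm_lookup: Callable[[str], bool]  # hypothetical EMM client: True if managed, may raise
    sessions: dict = field(default_factory=dict)     # user -> device ids with a session
    risk_events: list = field(default_factory=list)  # stand-in for the Fraud & Risk feed

    def device_status(self, device_id):
        try:
            return "managed" if self.emm_lookup(device_id) else "unmanaged"
        except Exception:
            return "unknown"  # EMM unreachable: report that, never assume managed

    def authenticate(self, user, device_id):
        others = sorted(self.sessions.get(user, set()) - {device_id})
        if not others:
            # No session on a different device: nothing anomalous for this control.
            self.sessions.setdefault(user, set()).add(device_id)
            return Decision.ALLOW
        # Another session exists on a different device: report it, then step up.
        self.risk_events.append({
            "user": user,
            "new_device": device_id,
            "new_device_status": self.device_status(device_id),
            "other_devices": {d: self.device_status(d) for d in others},
        })
        return Decision.STEP_UP_MFA

    def mfa_passed(self, user, device_id):
        # Called once the user completes the MFA challenge; the session is now recorded.
        self.sessions.setdefault(user, set()).add(device_id)

# Constructed sample data: two EMM-enrolled devices, everything else unmanaged.
MANAGED = {"phone-A", "tablet-B"}

def sample_emm(device_id):
    if device_id == "phone-offline":
        raise TimeoutError("EMM unreachable")  # simulated outage
    return device_id in MANAGED
```
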

Best Practice Recommendation

For authentication, consider implementing a single sign-on (SSO) solution early in the maturity of the program, as it provides some big wins, especially removing core access quickly on a termination. External SaaS applications or cloud-based vendor/third-party apps can be integrated into SSO with federation services. Once it is deployed and functional, you can augment it with more sophisticated SSO and MFA scenarios, for example SSO based on context authentication, risk score and policy-based access control.

Interaction Diagram