Only one Device Fingerprint rule is allowed per Access Manager setup. If you make any change in the Device Fingerprint rule, the change is applicable to all risk policies that use this rule.
Perform the following steps to configure a Device Fingerprint rule:
Click Policies > Risk-based Policies > Rules.
Click the Create Rule icon.
Specify a name for the rule and then select Device Fingerprinting Rule in Rule Definition.
Specify the following details:
Field |
Description |
---|---|
Valid for |
Specify the number of days for which you want to use the stored fingerprint. |
Store Fingerprint in |
Select any one of the following options:
For more information, see Understanding Device Fingerprint Parameters. |
Fingerprints stored per user |
Specify the number of fingerprints you want to store per user. This option is applicable only when you select Server to store fingerprints. The permissible value is 1 to 20. |
Prompt User Consent |
Select this option if you want users to provide their consent before storing the device fingerprint. |
Refresh Fingerprint Validity |
If you select this option, the fingerprint becomes valid again for the time specified in Valid for if the user logs in from that device within the specified time. |
Send Email Notification |
Select this option if you want to send a mail to a user when the user logs in using an unknown device. You must configure the email server for this option to work. For more information, see Section 3.11, Email Server Configuration. |
Click Parameter Settings if you want to modify the default settings. For information about parameters, see Section 5.9.2, Understanding Device Fingerprint Parameters.
For information about how to assign a rule to a risk-policy, see Configuring a Risk Policy.
For information about risk-based authentication, see Risk-based Authentication.