Hi, and thanks for joining. Today, we'll be exploring the adaptive authentication capabilities provided by OneLogin SmartFactor Authentication. SmartFactor Authentication is comprised of six components designed to enhance your security posture. In this video, we'll be exploring the adaptive authentication components of SmartFactor, starting with the Vigilance AI engine, which is designed to monitor user login behavior and generate risk scores that reflect how closely each login attempt aligns with the user's typical login behavior.
The risk score generated by Vigilance AI can then be used to suppress MFA prompts when a user's login behavior closely matches their typical login routines. This feature, called Smart MFA, streamlines the login process for users with low risk scores. Smart Access goes a step further by denying access to users exhibiting high risk behavior. Smart Access can be applied to portal login attempts or login attempts to specific applications. In general industry terms, these components are referred to as adaptive authentication.
Now let's dive a bit deeper into each of these components, starting with OneLogin's Vigilance AI engine and its ability to generate risk scores that reflect the riskiness of a login attempt based on a user's normal login behavior. When a user logs in to OneLogin, the context of their login is tracked by Vigilance AI. This context includes their location information, the device they're logging in from, the browser they're using, and other details like the time of day.
The Vigilance AI engine takes in all of this contextual information and forms a typical login behavior profile for each user. This typical behavior profile is then compared to the user's login context each time they log in. Then, based on how close the current login behavior is to the user's typical login behavior, a risk score is assigned to a user's login attempt.
The closer a user is to their normal or typical behavior, the lower their risk score will be. In other words, if the user consistently logs in from the same location using the same device and browser during normal working hours, they will receive a low risk score. Conversely, the farther a user is from their typical behavior, the higher the risk score will be. For example, if a user attempts to log in while on vacation in another country at an odd time of day, the risk score will increase. The risk score can then be used to determine whether or not to prompt for MFA, and whether to allow or deny access.
Now, the first time a user logs into OneLogin, we don't have any typical login behavior to compare to, resulting in a high risk score. In fact, we don't even show the risk score for the first login because it's meaningless at this point. However, we'll still display the risk reasons which are gathered during the user's login attempt.
As the user logs in again and again from the same device, using the same browser, around the same time of day, and so on, their typical login behavior is determined, and as the user continues to log in from the same browser around the same time of day, the risk score continues to drop lower and lower each time they log in.
However, if this user were to attempt to log in using a different browser, the risk score would increase and the risk reasons would be reflected in the event log. Taking a look at the Events page in the Admin Console, we can see that each login attempt has a correlated risk score. Here we can use the risk score dropdown menu to filter events by the risk score.
For example, we can filter event logs to only display high risk login attempts, which will only show login attempts with a risk score between 51 and 75. We can simply click on any event to view specific information, such as the user, IP address, date, time, and additional details depending on the event type. For example, after clicking on this event, we can see the IP address, risk score, risk reasons, and other detailed information about Mary Baker's login attempt on August 24.
The risk score calculated by Vigilance AI can then be used by Smart MFA and Smart Access. Smart MFA can suppress MFA prompts when a login attempt has a low risk score. In other words, when a user's login behavior is typical for that user, they can skip the MFA step in the OneLogin process. This streamlines the login process for users with lower risk scores, while ensuring that high risk login attempts are secured through MFA.
Smart MFA can be enabled in a user's security policy by clicking the Smart MFA checkbox to suppress MFA if risk is equal to or less than the selected risk level, which can be set by the admin. With Smart MFA enabled and the risk level set to low, MFA will be suppressed when a user's risk score drops to 25 or below.
This means that a user who receives a medium risk of 50, as we can see here, will be prompted for MFA when attempting to log in, ensuring that higher risk login attempts are secured through MFA. However, we can see that when a user's risk score drops to a low risk score of 20, the user will not be prompted for MFA during the login attempt, making the login process simpler for users with lower risk scores.
Next, Smart Access is another feature which relies on the risk scores generated by Vigilance AI. Smart Access allows us to deny access altogether when a user is outside of their normal behavior. It reduces threat exposure by detecting when a login attempt is risky. Smart Access can be applied to login attempts to the OneLogin SSO portal as well as login attempts to particular applications. In other words, Smart Access can either be applied to a user policy or an app policy.
For login attempts to the SSO portal, Smart Access can be enabled in a user's security policy. Here we can see that clicking on the Smart Access checkbox will deny access to the portal if a user meets or exceeds the selected risk level, which in this case is set to high, or any risk level above 50. This means that a user who receives a medium risk score of 32, as we can see here, will be allowed access to the portal.
However, when a OneLogin attempt is detected that varies drastically from a user's normal login behavior, the risk score will increase. For example, as we can see here, due to risk reasons such as the user logging in from the United States for the first time and using a new web browser, the risk score has increased. With this very high risk score of 95%, the user's login attempt to their SSO portal will be denied, effectively reducing threat exposure by restricting access based on a user's behavior.
And that concludes this overview of the adaptive authentication components within SmartFactor. Thanks for watching. Make sure to explore the rest of the demos in this video series to understand the other components that form OneLogin SmartFactor Authentication.