|Applies To||Adaptive Authentication (Hosted) V10.0|
Collection and Recollection of Challenge Questions/Secret Questions
Reference : Clarify C12324987
Data collection is the acquisition of data from the user in order
to perform authentication. In the case of AA Hosted, collection is the
selecting of challenge questions and providing the answers to those
questions. Later, if it becomes necessary for a user to be authenticated,
the questions are presented, and the user provides their answers.
If answers provided during authentication match those provided during data
collection, the user is authenticated.
When a user is collected can vary. The time that a user is collected
is determined by the following factors:
- Launch Date of the FI : This field is set in the Policy_Loader spreadsheet,
on the Collection Definitions sheet.
- Days & Percentage from Launch : Also found in the Collection Definition sheet of the Policy_Loader spreadsheet.
- Maximum opt out Attempts Until Collection: This field is set in the FI Auth spreadsheet.
- When the collection rule fires.
Note: The collection rule is usually the lowest priority rule but it is possible to
give it a higher priority than other rules.
Similar to passwords, after a certain amount of time, new questions and
answers should be used in order to maintain integrity in the authentication process.
When the recollection is done is determined by the following:
1. Once the user is collected, the last collection date is stored (for the user).
2. Each time the collection rule fires, it calculates the expiration date based
on last collection date and the recollection interval. The recollection interval
can be found in the FI Auth Config Sheet, Recollection Period Time column. The value
is shown in number of days.
3. If the current date is past the calculated expiration date, then the collection rule,
when triggered, will return the action ?COLLECT?.
The last collection date is stored, not the expiration date. This allows the modification
of the recollection interval at any time (to either increase or decrease the interval).
For both collection and recollection, data is gathered when the collection rule fires.
?when the collection rule fires? is important to note because it is a rule just like
any policy rule. If another higher priority rule fires first, then the collection
rule does not fire (only 1 production rule can fire during the Analyze processing), and
the collection operation is not executed.
Note: If the collection rule does fire but the user is collected and it is not time to recollect,
then the actionType = NONE.
|Issue||User wants to change the Recollection Period (Recollection Period Time column in the FI Authentication spreadsheet)|
|Legacy Article ID||a57817|