000011920 - User wants to change the Recollection Period (Recollection Period Time column in the FI Authentication spreadsheet)

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000011920
Applies ToAdaptive Authentication (Hosted) V10.0
Collection and Recollection of Challenge Questions/Secret Questions
Reference : Clarify C12324987

Collection 

            Data collection is the acquisition of data from the user in order

to perform authentication.  In the case of AA Hosted, collection is the

selecting of challenge questions and providing the answers to those

questions.  Later, if it becomes necessary for a user to be authenticated,

the questions are presented, and the user provides their answers.

If answers provided during authentication match those provided during data

collection, the user is authenticated.

 

            When a user is collected can vary.  The time that a user is collected

is determined by the following factors:

-       Launch Date of the FI : This field is set in the Policy_Loader spreadsheet,

on the Collection Definitions sheet.

-       Days & Percentage from Launch : Also found in the Collection Definition sheet of the Policy_Loader spreadsheet.

-       Maximum opt out Attempts Until Collection: This field is set in the FI Auth spreadsheet.

-       When the collection rule fires.

 

Note:  The collection rule is usually the lowest priority rule but it is possible to

give it a higher priority than other rules.


Recollection 

 

            Similar to passwords, after a certain amount of time, new questions and

answers should be used in order to maintain integrity in the authentication process.

When the recollection is done is determined by the following:

 

1.     Once the user is collected, the last collection date is stored (for the user).

2.     Each time the collection rule fires, it calculates the expiration date based

on last collection date and the recollection interval.  The recollection interval

can be found in the FI Auth Config Sheet, Recollection Period Time column.  The value

is shown in number of days.

3.     If the current date is past the calculated expiration date, then the collection rule,

when triggered, will return the action ?COLLECT?.

 

The last collection date is stored, not the expiration date.  This allows the modification

of the recollection interval at any time (to either increase or decrease the interval).

 

For both collection and recollection, data is gathered when the collection rule fires.

?when the collection rule fires? is important to note because it is a rule just like

any policy rule.  If another higher priority rule fires first, then the collection

rule does not fire (only 1 production rule can fire during the Analyze processing), and

the collection operation is not executed.

 

Note:    If the collection rule does fire but the user is collected and it is not time to recollect,

then the actionType = NONE.

IssueUser wants to change the Recollection Period (Recollection Period Time column in the FI Authentication spreadsheet)
Legacy Article IDa57817

Attachments

    Outcomes