Determining Access Requirements for High-Risk Users in Cloud Access Service

You can determine authentication and access requirements for users who are identified as high risk. These might be users whose accounts have been compromised, or for whom a third-party security information and event management (SIEM) solution, such as NetWitness, has found suspicious activity. You can configure access policies that require additional authentication for users on the high-risk list or deny them access to protected resources.

Note:  This feature is licensed. See ID Plus Subscription Plans.

To use this feature, do the following:

1. Ensure that high-risk users coming from third-party applications are identified as high risk in Cloud Access Service (CAS). Use one of the following methods:

   • Have your web client developers implement the SecurID High-Risk User List API. To generate the required API keys, see Manage the Cloud Administration REST API Keys. Use the SecurID Retrieve High-Risk User List API to retrieve a list of high-risk users.

   • If your company deploys NetWitness Respond Version 11.3 or later, use that product instead of the APIs to obtain the same benefits. For instructions, see NetWitness Respond Configuration Guide for Version 11.3.
     

2. Configure access policies to use the High-Risk User List attribute. For instructions, see Add an Access Policy.

Note:   The High-Risk User List attribute is different from the Identity Confidence attribute. The High-Risk User List attribute establishes that a user is high risk based on data obtained from a third-party. The Identity Confidence attribute allows CAS to establish high or low confidence in a user's identity based on data the service has collected about user behavior over a period of time.