For risk-based authentication (RBA), the system uses device history as a factor in determining risk. The device history is a list of user authentication devices from previous, successful logons. The system maintains a device history for each user. Once added to the list, the device is considered to be registered. When the user tries to access an RBA-protected resource using a registered device, the authentication attempt is likely to have a higher assurance level. When the user attempts to logon with an unknown device, the system challenges the user for identity confirmation. If the logon is successful, the new device is added to the user’s device history list.
You specify how the system registers and manages user’s devices for RBA. You can configure the following client device settings.
New device registration
Authentication Manager can register a new device automatically or ask users if they want to register the device. If you expect users to access RBA-protected resources from public or shared devices, allow them to decide which devices they want to register.
Total registered devices
You can set the maximum number of registered devices preserved in each user’s device history. If the number of registered devices exceeds the limit, the nightly cleanup job deletes the least recently used devices.
You can specify when inactive devices are removed from a user’s device history. For example, you can specify that devices are removed from a user’s device history after 60 days of inactivity. Consider the needs of all your users. Although most users might use the same client devices frequently to access RBA-protected resources, some users might only use public client devices infrequently.