risk-based authentication?

Cantor, Scott cantor.2 at osu.edu
Tue Jul 23 15:38:02 EDT 2019

On 7/23/19, 1:27 PM, "users on behalf of Liam Hoekenga" <users-bounces at shibboleth.net on behalf of liamr at umich.edu> wrote:

> Anyone implement any risk-based mechanism with the Shib IDP?  Whether that be "you've been logging in from Chicago
> all day, but now you're in Beijing?"  or "I've never seen you on Android before", I'm curious what other people might be
> doing...

Some discussion of it off and on at OSU but nothing concrete. It requires so much decision making about what information to use and what to do with it that I don't foresee it going anywhere for us, and lacking concrete requirements makes doing something more generic much harder for me.

-- Scott

More information about the users mailing list