Threat Guard with IP Quality Score
This section elaborates on the IPQualityScore's role as a Source of Risk in the Threat Guard system and its impact on triggering specific security actions. To gain a comprehensive insight into how IPQualityScore integrates with the overall functionality of Threat Guard, we recommend referring to the main Threat Guard documentation. This detailed overview will help understand the nuances of how IPQualityScore's risk indicators influence the security protocols within the Threat Guard framework.
IPQualityScore Source of Risk Action Triggers
Bot Detector: IPQualityScore will send indicators to the Next Identity Threat Guard service to indicate that a bot has been detected; triggers for bot detection are not configurable.
Risk Detector: - IPQualityScore will send a score to the Next Identity Threat Guard service to indicate a risk level based on a variety of considered inputs and user behavior. The “score” attribute will be numerically between 0 and 100. Risk Detector has three levels (high risk 85+, medium risk 75-84, low risk 0-74), and those ranges are hard-coded into the Threat Guard service and cannot be adjusted by the customer.
New Device Detector: IPQualityScore will send indicators to the Next Identity Threat Guard service to indicate that a new device has been detected; triggers for new device detection are not configurable.
Impossible Travel Detector IPQualityScore does not provide impossible travel indicators. Instead, applications that use IPQualityScore will need to get Impossible Travel Indicators from another source (Google Distance Matrix API).
Matrix of Available Actions Based on Signal Triggers from IPQualityScore
Note on the table below
The user only needs to complete the two-step verification process once. If in the scenario they are flagged twice (i.e., new device plus fraud detection), completing it once fulfills the requirement.
| Login Method | New Device | Bot Detected | Fraud Detected 85+ | Fraud Detected 75-84 | Fraud Detected <=74 | Impossible Travel Detected** |
|---|---|---|---|---|---|---|
| Email + password | none, email notification,step up auth, or both step up auth and email notification | block | block | step up auth | allow | step up auth |
| Email + password + 2FA | allow | block | block | allow | allow | allow |
| Mobile phone number + password | step up auth | block | block | step up auth | allow | step up auth |
| Mobile phone number + password +2FA | allow | block | block | allow | allow | allow |
| Email OTP | email notification | block | block | allow | allow | allow |
| Mobile OTP | allow | block | block | allow | allow | allow |
| Social Authentication | allow and step up auth | block | block | step up auth | allow | step up auth |
| Biometric Authentication | email notification and step up auth | block | block | allow | allow | allow |
**As previously mentioned, IPQualityScore does not provide impossible travel indicators. In this case, applications must get this from another source (Google Distance Matrix API).
Updated 12 months ago