Device Match node
Compares any collected device metadata with that stored in the user’s profile.
Use this node with the Device Profile Collector node to determine if the authenticating user is on a previously saved, trusted device.
You can choose between two methods of comparison:
The node handles the comparison and matching; you can configure the acceptable variance and specify the time frame during which saved profiles are considered current.
Create scripts to compare captured device data against trusted device profiles.
AM includes a template script you can customize to your requirements. In the AM admin UI, go to Realms > Realm Name > Scripts, and click Device Match Template - Decision node Script.
ForgeRock also provides a more complete sample script, as well as instructions for its use and a development toolkit. Find these resources on GitHub at https://github.com/ForgeRock/forgerock-device-match-script.
You must establish the identity of the user before attempting to match device profiles.
Evaluation continues along the True path if the collected device profile matches a saved profile, within the configured variance; otherwise, evaluation continues along the
If the user has no trusted device profiles, or the identity of the user has not been established, evaluation continues along the Unknown Device path.
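The following added example (not AM's built-in algorithm, not the template script, and not the ForgeRock sample script) models the decision described above as stand-alone JavaScript: establish identity first, skip saved profiles older than the maximum age, then count attribute differences against the acceptable variance. The field names `metadata` and `savedAt`, the outcome labels, and the sample profiles are assumptions made for illustration.

```javascript
// Added illustration: stand-alone model of device matching by attribute variance.
// Field names (metadata, savedAt) and outcome labels are assumptions, not AM identifiers.
const DAY_MS = 24 * 60 * 60 * 1000;

// Flatten nested metadata into "a.b.c" -> JSON string so attributes compare one by one.
function flatten(value, prefix = "", out = {}) {
  if (value !== null && typeof value === "object" && !Array.isArray(value)) {
    for (const key of Object.keys(value)) {
      flatten(value[key], prefix ? `${prefix}.${key}` : key, out);
    }
  } else {
    out[prefix] = JSON.stringify(value);
  }
  return out;
}

// Count attributes that are missing on either side or whose values differ.
function countDifferences(collected, saved) {
  const a = flatten(collected);
  const b = flatten(saved);
  let diff = 0;
  for (const k of new Set([...Object.keys(a), ...Object.keys(b)])) {
    if (a[k] !== b[k]) diff++;
  }
  return diff;
}

function matchDevice({ username, collected, savedProfiles, maxVariance, maxAgeDays, now = Date.now() }) {
  // Identity must be established, and the user must have at least one saved profile.
  if (!username || !savedProfiles || savedProfiles.length === 0) return "unknown-device";
  // Profiles saved before the cutoff are not compared at all.
  const cutoff = now - maxAgeDays * DAY_MS;
  const current = savedProfiles.filter((p) => p.savedAt >= cutoff);
  // Assumption: if every saved profile has expired, the result is "no-match".
  const matched = current.some((p) => countDifferences(collected, p.metadata) <= maxVariance);
  return matched ? "match" : "no-match";
}

// Constructed sample data: the saved profile differs in one attribute (OS version).
const sampleNow = Date.UTC(2024, 0, 31);
const sampleCollected = { platform: { os: "macOS", version: "14.4" }, hardware: { cpu: 8, memory: 16 } };
const sampleSaved = [{
  savedAt: Date.UTC(2024, 0, 1), // 30 days before sampleNow
  metadata: { platform: { os: "macOS", version: "14.3" }, hardware: { cpu: 8, memory: 16 } },
}];
console.log(matchDevice({ username: "demo", collected: sampleCollected, savedProfiles: sampleSaved,
  maxVariance: 1, maxAgeDays: 30, now: sampleNow })); // match
```

A variance of 0 demands an exact match on every collected attribute, so routine changes such as a browser or OS update send the user down the non-matching path; a large variance weakens the value of the check.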
Specify the maximum number of device attribute differences acceptable for a match.
Specify the maximum age, in days since they were saved, of existing profiles that can be considered for comparison. Device profiles saved to the user’s profile before this time will not be compared to the collected metadata.
Use Custom Matching Script
Specifies whether to use a custom script to compare the collected metadata with saved device profiles.
The script type must be
Custom Matching Script
Specifies the custom script to use if the Use Custom Matching Script property is enabled.
Only scripts of type