Identity Cloud

Key features

Autonomous Access is an add-on service to your Identity Cloud subscription and provides the following features:

  • Fully-native Identity Cloud deployment. ForgeRock’s Autonomous Access and its components are fully cloud-native, deployed into the private tenants (dev, staging, and production) of Identity Cloud customers who sign up for the feature. Autonomous Access stores three months of data for the risk dashboard and six months of data in the cloud for optimal artificial intelligence/machine learning (AI/ML) analytics.

  • Machine learning-based anomaly detection. Autonomous Access uses AI/ML-based detection analytics centered around user behavior and geospatial contextual information at authentication. Anomaly detection includes location, time of day, operating system version, device model and type, browser type and version, and other data. Autonomous Access’s AI/ML decisions are explainable and provide the reasoning for its scoring rather than black box results with no transparency. Autonomous Access attempts to answer the following questions when running its analytics:

    • Individual user behavior. Is this behavior anomalous compared to the user’s normal behavior?

    • Compare to a group of users. If the user typically behaves similarly to a group of users (for example, a department), is the user’s current behavior different this time?

    • Compare to all users. Is the user’s behavior different from any other behavior the platform has seen?

  • Real-time threat detection. In addition to anomaly detection, the Autonomous Access AI/ML analytics engine discovers the following risk threats using heuristics:

    • Credential stuffing. Autonomous Access detects if a single IP is trying to access many users over a period of time by taking a total count of users being accessed by a single IP.

    • Suspicious IPs. An IP is deemed suspicious if the IP is making too many authentication attempts over a period of time. Autonomous Access detects the total count of authentication attempts across all users by a single IP.

    • Automated user agent filter. Autonomous Access detects if the user-agent string indicates an automated bot.

    • Impossible traveller. Autonomous Access detects if users are authenticating from two locations so far apart that traveling between them in the elapsed time would require an impossible speed.

    • Brute force. Autonomous Access detects the frequency of authentication attempts for a user over a period of time. If the frequency is high, then Autonomous Access flags the event as a possible brute force attack.

  • Autonomous Access dashboards. The Autonomous Access dashboard displays an intuitive risk activity page showing all suspected access threats occurring in the past three months across a world-wide company. Authorized users can click on an event to drill down to examine the details.

  • Pre-built Autonomous Access nodes. Autonomous Access provides three pre-built nodes to integrate within a customer’s Identity Cloud authentication journeys. No custom coding and connectors are required for these nodes. The following Autonomous Access nodes are available:

    • Autonomous Access signal node. The signal node determines the heuristics and anomaly detection to include in the risk score generation. The node begins making API calls to the Autonomous Access AI server to collect and extract data from a pre-defined data source. After you run an AI/ML training workflow to generate the risk scores and models, the Autonomous Access AI server returns the risk score and accompanying information for each event to the decision node.

    • Autonomous Access decision node. The decision node determines the actionable journey paths based on where a risk score lies within a predetermined range of scores.

    • Autonomous Access result node. The result node collects the risk predictions and results for successful and failed outcomes and writes them to the Autonomous Access AI server.

  • Out-of-the-box journey. Identity Cloud provides a preconfigured Autonomous Access journey with nodes. You can use this journey as a starting template for your specific use cases and requirements. The Identity Cloud Analytics dashboard also reports successful or failed Autonomous Access journeys.

  • Custom features. Autonomous Access lets you add custom features using YAML-based risk configuration and scripted nodes. For example, you can configure Autonomous Access with the following custom features:

    • Multiple policies. Companies typically require multiple risk policies for their various use cases. Autonomous Access provides a single risk policy out-of-the-box, but you can configure multiple policies.

    • Custom logic. Autonomous Access uses the highest risk score of all triggered signals by default. For example, if you have a UEBA signal with a score of 30 and an impossible traveler score of 60, the resulting score of these events is 60. However, you can also change the logic to use the sum of all triggered signals for your applications. For example, a UEBA score of 30 and an impossible traveler score of 60 results in a sum score of 90, which triggers a high risk.

    • Additional signals. Many companies want to check for anonymizer detection for Tor, VPN, or proxy addresses. You can configure Autonomous Access to check IP addresses sending unwanted signals.

    • Whitelists and blacklists. Many companies need the ability to override a risk score in cases where known IPs are triggered as false positives. For example, executives who travel often to different geographic regions may trigger a high UEBA score; however, you can override this case by setting up a whitelist, which lets the user’s IP proceed successfully. Conversely, you can completely avoid known dangerous IP addresses regardless of the risk score. You can set up a blacklist that blocks a range of IP addresses from your system.
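The counting and travel-speed heuristics listed under real-time threat detection can be sketched as follows. This is an added example, not ForgeRock code: the thresholds, window length, event fields and sample events are all assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

# Assumed thresholds for illustration; not Autonomous Access defaults.
WINDOW = timedelta(minutes=10)
MAX_USERS_PER_IP = 3       # credential stuffing: distinct users per IP
MAX_ATTEMPTS_PER_IP = 5    # suspicious IP: attempts per IP, all users
MAX_ATTEMPTS_PER_USER = 4  # brute force: attempts per user
MAX_SPEED_KMH = 1000       # impossible traveller: faster than an airliner
MIN_KM = 100               # ignore geolocation jitter

def km(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(h))

def detect(events):
    """Return the set of (signal, key) findings for a list of auth events."""
    findings, last_seen = set(), {}
    by_ip, by_user = defaultdict(list), defaultdict(list)
    for e in sorted(events, key=lambda x: x["ts"]):
        for bucket, key in ((by_ip, e["ip"]), (by_user, e["user"])):
            # Sliding window: keep only attempts within WINDOW of this one.
            bucket[key] = [x for x in bucket[key] + [e] if e["ts"] - x["ts"] <= WINDOW]
        if len({x["user"] for x in by_ip[e["ip"]]}) > MAX_USERS_PER_IP:
            findings.add(("credential_stuffing", e["ip"]))
        if len(by_ip[e["ip"]]) > MAX_ATTEMPTS_PER_IP:
            findings.add(("suspicious_ip", e["ip"]))
        if len(by_user[e["user"]]) > MAX_ATTEMPTS_PER_USER:
            findings.add(("brute_force", e["user"]))
        prev = last_seen.get(e["user"])
        if prev:
            dist = km(prev["geo"], e["geo"])
            hours = (e["ts"] - prev["ts"]).total_seconds() / 3600
            if dist > MIN_KM and dist > MAX_SPEED_KMH * hours:
                findings.add(("impossible_traveller", e["user"]))
        last_seen[e["user"]] = e
    return findings

# Constructed sample events (documentation IP ranges, made-up users).
T0, PARIS, SYDNEY = datetime(2023, 1, 1, 9, 0), (48.85, 2.35), (-33.87, 151.21)
def ev(minute, user, ip, geo):
    return {"ts": T0 + timedelta(minutes=minute), "user": user, "ip": ip, "geo": geo}
SAMPLE = ([ev(i, f"user{i}", "203.0.113.7", PARIS) for i in range(5)]
          + [ev(i, "carol", "198.51.100.9", PARIS) for i in range(6)]
          + [ev(30, "dave", "192.0.2.1", PARIS), ev(90, "dave", "192.0.2.2", SYDNEY)])
```

Calling `detect(SAMPLE)` flags one IP for credential stuffing, one IP as suspicious, one user for brute force and one user as an impossible traveller.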
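The custom logic and whitelist/blacklist items above interact as shown in this added example, which is not ForgeRock code and does not use the product's YAML schema. The score bands, the precedence of blacklist over whitelist, the function names and the sample ranges are assumptions.

```python
import ipaddress

# Assumed score bands for the decision step; the page gives no ranges.
BANDS = ((70, "high"), (30, "medium"), (0, "low"))

def combine(signals, mode="max"):
    """Combine triggered signal scores: highest score (default) or sum."""
    if mode not in ("max", "sum"):
        raise ValueError(f"unknown mode: {mode}")
    scores = list(signals.values())
    if not scores:
        return 0
    return max(scores) if mode == "max" else sum(scores)

def listed(ip, networks):
    """True if ip falls inside any CIDR range in networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in networks)

def decide(ip, signals, mode="max", whitelist=(), blacklist=()):
    """Return (outcome, score). List overrides win over the score band."""
    score = combine(signals, mode)
    if listed(ip, blacklist):      # blocked regardless of the risk score
        return "blocked", score
    if listed(ip, whitelist):      # known false positive: let it proceed
        return "allowed", score
    level = next(name for floor, name in BANDS if score >= floor)
    return level, score

# Constructed inputs using the scores from the text above.
SIGNALS = {"ueba": 30, "impossible_traveller": 60}
WHITELIST = ["198.51.100.0/24"]   # e.g. a travelling executive's egress range
BLACKLIST = ["203.0.113.0/24"]
```

With these inputs the same two signals yield a medium outcome under the default logic and a high outcome under sum logic, unless the source IP is on either list.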

Copyright © 2010-2023 ForgeRock, all rights reserved.