
Configure

Authorized users can run the Autonomous Access AI/ML pipelines manually if required.

If you are new to Autonomous Access, the Autonomous Access package includes assistance from the ForgeRock Professional Services group. Only run these steps if you have a strong technical understanding of, and familiarity with, Autonomous Access.

You can run the following tasks manually:

Set the roles

Autonomous Access has two roles that you can provision using ForgeRock® Identity Management to grant users access to various parts of the dashboard and configuration.

  • auto-access-fraud-analyst. The auto-access-fraud-analyst role lets users view the dashboards (Activity and Activity Detail page) only.

  • auto-access-data-analyst. The auto-access-data-analyst role lets users configure Autonomous Access but not view the dashboards.

Identity Cloud tenant administrators are granted both Autonomous Access roles.
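
If you prefer to script the role grants instead of assigning them in the admin UI, the following is a minimal sketch of how a managed role grant might look against the IDM REST endpoint. The tenant URL, access token, managed object names (alpha_user, alpha_role), and role IDs are placeholders rather than values taken from this guide; verify the correct endpoints, realm object names, and role IDs for your tenant before using anything like this.

```python
# Hypothetical sketch of granting an Autonomous Access role via the IDM REST API.
# The tenant URL, token, managed object names, and role IDs below are placeholders;
# confirm them against your own tenant and realm before running.
import requests

TENANT = "https://openam-example.forgeblocks.com"   # placeholder tenant FQDN
TOKEN = "<access-token-with-IDM-admin-scope>"       # placeholder bearer token

def grant_role(user_id: str, role_id: str) -> None:
    """Add a managed role (for example, auto-access-fraud-analyst) to a user."""
    resp = requests.patch(
        f"{TENANT}/openidm/managed/alpha_user/{user_id}",
        headers={
            "Authorization": f"Bearer {TOKEN}",
            "Content-Type": "application/json",
        },
        json=[{
            "operation": "add",
            "field": "/roles/-",
            "value": {"_ref": f"managed/alpha_role/{role_id}"},
        }],
        timeout=30,
    )
    resp.raise_for_status()

# Example call (both IDs are placeholders):
# grant_role("a1b2c3d4-user-uuid", "e5f6a7b8-role-uuid")
```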

Set data sources

You must set your data sources to point to the bucket(s) with the latest access data before running the training and prediction pipelines. A quick way to confirm a bucket holds recent data is shown after the guidelines below.

The general guidelines for customer data storage are as follows:

  • Three months of access logs. The Autonomous Access activity dashboard displays the anomalous accesses that occurred over the past three months. As a result, Autonomous Access stores three months of customer data in Elasticsearch.

  • Cloud storage. Autonomous Access stores six months of customer data for optimal AI/ML analytics results.

  • Secure data. All customer data resides within each customer’s private tenant.
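
Before you add a data source, it can be worth confirming that the bucket and prefix actually contain recent access logs. The sketch below is one way to do that with the google-cloud-storage client; the bucket name and prefix are placeholders, and it assumes you have credentials with permission to list the bucket.

```python
# Illustrative check only: list the most recently updated objects under a prefix
# to confirm the bucket holds recent access data. The bucket name and prefix are
# placeholders; this assumes credentials with permission to list the bucket.
from google.cloud import storage

BUCKET = "example-access-logs"    # placeholder bucket name
PREFIX = "auth-logs/"             # placeholder object prefix

client = storage.Client()
blobs = list(client.list_blobs(BUCKET, prefix=PREFIX))

# Show the ten newest objects so you can verify the data is current.
for blob in sorted(blobs, key=lambda b: b.updated, reverse=True)[:10]:
    print(blob.updated, blob.name)
```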

Set the Data Source:

  1. On the Identity Cloud UI, click Administration > Data Sources.

  2. On the Data Sources page, click Add Data Source.

  3. On the Add Data Source dialog box, select the data bucket in the Bucket Search field.

  4. For Object Prefix, click Define from Prefix, and enter the following:

    1. Name. Add a descriptive name for the data source.

    2. Bucket Name. Add the data bucket for the data source.

    3. Prefix. Add the object prefix that identifies the access data within the bucket.

  5. Click Save. The new data source is displayed on the page. The Status column displays the current state of the data source.

  6. At this stage, you need to set the attribute mapping between your data source and the schema (a conceptual example follows this procedure). Click the trailing dots, and select Create or Edit Mapping.

  7. Under Data Source, select the attribute to map to the Auto Access feature. Repeat for as many attributes as possible.

  8. Review the JSLT Preview, and then click Save.

  9. The data source is in an Inactive state. You must now activate the data source to use it in the training run.

  10. Click the trailing dots, and select Activate. The data source is now in an active state.

    You have successfully set up your data source. Next, you can run the training pipeline.
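
The mapping you created in steps 6-8 is what turns each raw log record into the attributes the AI/ML pipeline expects; the JSLT Preview shows the transform that the UI generates for you. Purely to illustrate the idea, the sketch below applies a similar select-and-rename mapping in Python. Every field name in it is hypothetical and is not the actual Auto Access schema.

```python
# Conceptual illustration of an attribute mapping: select fields from a raw
# access-log record and rename them to the attributes the pipeline expects.
# All field names here are hypothetical, not the real Auto Access schema.
RAW_EVENT = {
    "principal": "bjensen",
    "timestamp": "2022-06-01T12:34:56Z",
    "client_ip": "203.0.113.7",
    "agent": "Mozilla/5.0 ...",
    "result": "SUCCESS",
}

# Hypothetical mapping: target attribute -> source field in the raw record.
MAPPING = {
    "userId": "principal",
    "eventTime": "timestamp",
    "ipAddress": "client_ip",
    "userAgent": "agent",
    "outcome": "result",
}

def map_event(raw: dict) -> dict:
    """Apply the mapping, skipping attributes missing from the raw record."""
    return {target: raw[source] for target, source in MAPPING.items() if source in raw}

print(map_event(RAW_EVENT))
```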

Run the pipelines

The Training pipeline is the first part of a two-part AI/ML process that automates machine learning workflows to correlate largely unstructured and unlabeled data into models. These models use AI heuristics to capture patterns that reveal regular online user behavior. The training pipeline iteratively repeats its processing to improve the accuracy of its models.

Before you run training, you must have set up your data source and mappings; this is an essential step for a successful training run. See Set data sources.

The training pipeline takes time to process as it iteratively runs the machine learning workflows multiple times.

Run the Training Pipeline:

  1. On the Identity Cloud UI, go to Administration > Pipelines.

  2. Click Add Pipeline.

  3. On the Add Pipeline dialog, enter the following information:

    1. Name. Enter a descriptive name for the training pipeline.

    2. Data Source. Select the data source to use for the pipeline.

    3. Select Type. Select Training. The dialog opens with threshold settings that you can change if you have a strong understanding of machine learning.

      • Autoencoder. The Autoencoder module is a neural network used to learn an optimal encoding of unlabeled data (see the sketch after this procedure). You can configure the following:

        • Batch size. The batch size of a dataset in MB, if applicable.

        • Epochs. The number of complete passes the ML algorithm makes over the entire training dataset.

        • Learning rate. The learning rate is a parameter that determines the step size of each iterative pass with respect to the loss gradient.

        • Window. The window size is the length of a sliding time sequence of data.

      • Clustering. The Clustering module aggregates and groups data points using a clustering algorithm.

      • Embeddings. The Embeddings module accepts the output of the Featurization module and trains a model, which is saved to a file.

      • Variational Autoencoder. The Autoencoder Type 2 module is another autoencoder that returns good data points that help with predictive training. Autonomous Access uses both Autoencoder Type 1 and Type 2 to generate precise models for its access points.

      • Vectorizer. The Vectorizer module accepts the output of the Embeddings module and returns risk scores.

        We recommend not changing the settings for this release unless you have a strong grasp of AI/ML analytics.
  4. Click Save.

  5. Click the trailing dots, click Run Pipeline, and then click Run. Depending on the size of your data source and how you configured your pipeline settings, the training run will take time to process.

  6. Click View on GCP to see the detailed processing of the pipeline. Take note of the workflow name; you can use it to monitor the logs while the pipeline runs.

  7. Click OK to close the dialog box.

  8. Upon a successful run, you will see a Succeeded status.
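
To put the Autoencoder settings described in step 3 into context, here is a minimal, generic autoencoder training sketch in Keras. It is not the Autonomous Access implementation; it only shows where batch size, epochs, learning rate, and window length typically plug in when training an autoencoder on windowed event data.

```python
# Minimal, illustrative autoencoder sketch -- NOT the Autonomous Access code.
# It shows how the Batch size, Epochs, Learning rate, and Window settings
# typically apply when training an autoencoder on sliding windows of event data.
import numpy as np
import tensorflow as tf

WINDOW = 10           # "Window": length of the sliding time sequence
BATCH_SIZE = 64       # "Batch size": records processed per training step
EPOCHS = 5            # "Epochs": complete passes over the training dataset
LEARNING_RATE = 1e-3  # "Learning rate": step size along the loss gradient

# Synthetic stand-in for featurized access events (1000 windows x WINDOW features).
x_train = np.random.rand(1000, WINDOW).astype("float32")

# The encoder compresses each window into a small code; the decoder reconstructs it.
autoencoder = tf.keras.Sequential([
    tf.keras.layers.Input(shape=(WINDOW,)),
    tf.keras.layers.Dense(4, activation="relu"),          # bottleneck encoding
    tf.keras.layers.Dense(WINDOW, activation="sigmoid"),  # reconstruction
])
autoencoder.compile(
    optimizer=tf.keras.optimizers.Adam(learning_rate=LEARNING_RATE),
    loss="mse",
)
autoencoder.fit(x_train, x_train, batch_size=BATCH_SIZE, epochs=EPOCHS)
```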

Tuning the training models

Autonomous Access lets you view the results of a training run in a graphical format and tune the AI/ML training models for greater accuracy. This feature is intended only for ForgeRock Professional Services.

You can view the graphs of the following models:

  • Ensemble. Displays the combination of all charts in one view.

  • Model A. Displays the Autoencoder Type 1 charts.

  • Model B. Displays the Autoencoder Type 2 charts.

  • Model C. Displays the Clustering module charts.

  1. On the Pipelines page, click the trailing dots, and then click View Run Details.

  2. On the Training Execution Details page, click the trailing dots, and then click Results. The training results are displayed.

  3. Select a model from the drop-down list.

  4. To close the dialog, click OK.

Run the predictions pipeline

The second part of the AI/ML analytics process is to run the predictions pipeline based on the models created in the training run. The prediction workflow consists of three processes:

  • Prediction. The prediction workflow applies the training models to new data and forecasts the likelihood of certain outcomes. A conceptual sketch of this scoring idea follows this list.

  • Explainability. The explainability workflow runs a series of operations to help the user interpret the predictions made by the ML models.

  • Publish. The publish workflow writes the data to the Java API Service (JAS), so that it can display the ML results on the Activity dashboard.
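
As a rough mental model of the prediction step referenced in the Prediction item above, an autoencoder-style model can score new events by how poorly it reconstructs them: behavior unlike anything seen during training reconstructs badly and so receives a higher risk score. The sketch below is conceptual only and does not reflect how Autonomous Access actually computes or calibrates its risk scores.

```python
# Conceptual sketch: score new, windowed events by reconstruction error.
# This is NOT the Autonomous Access scoring algorithm; it only illustrates the
# general idea of turning reconstruction error into a relative risk score.
import numpy as np

def risk_scores(model, x_new: np.ndarray) -> np.ndarray:
    """Higher reconstruction error -> higher (0..1) relative risk score."""
    reconstructed = model.predict(x_new)
    errors = np.mean((x_new - reconstructed) ** 2, axis=1)  # per-event MSE
    # Normalize to 0..1 for readability; real systems use calibrated thresholds.
    return (errors - errors.min()) / (errors.max() - errors.min() + 1e-9)

# Usage with the autoencoder from the earlier training sketch (shapes must match):
# scores = risk_scores(autoencoder, np.random.rand(100, 10).astype("float32"))
# print(scores[:10])
```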

The training pipeline job must have run and completed successfully prior to running the predictions job.

The prediction pipeline takes time to process depending on the size of your data. You may need to monitor its progress throughout its execution; a log-monitoring sketch follows the procedure below.

Run the Predictions Pipeline:

  1. On the Identity Cloud UI, go to Administration > Pipelines.

  2. Click Add Pipeline.

  3. On the Add Pipeline dialog, enter the following information:

    1. Name. Enter a descriptive name for the prediction pipeline.

    2. Data Source. Select the data source to use for the pipeline.

    3. Select Type. Select Prediction.

    4. Training Pipeline. Select the training pipeline on which to run predictions.

  4. Click Save.

  5. Click the trailing dots, click Run Pipeline, and then click Run. Depending on the size of your data source and how you configured your pipeline settings, the predictions run will take time to process.

  6. Click View on GCP to see the detailed processing of the pipeline.

  7. Click OK to close the dialog.

  8. Upon a successful run, you will see a Succeeded status.

  9. If you are satisfied with the prediction run, click the trailing dots, and click Publish to write the results to the database.
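
If you have access to the tenant's underlying GCP project, you can also follow a run from a script rather than the View on GCP page. The sketch below uses the google-cloud-logging client with the workflow name you noted earlier; the log filter is a placeholder assumption, because the exact resource type and field carrying the workflow name depend on how the pipelines run in your project, so copy a working filter from the GCP Logs Explorer.

```python
# Illustrative log tail for a pipeline run. The filter is a placeholder: the real
# resource type and the field carrying the workflow name depend on your project's
# deployment, so copy a working filter from the GCP Logs Explorer first.
from google.cloud import logging as gcp_logging

WORKFLOW_NAME = "example-workflow-name"  # placeholder: the workflow name you noted

client = gcp_logging.Client()
log_filter = f'textPayload:"{WORKFLOW_NAME}" AND severity>=INFO'

for entry in client.list_entries(
    filter_=log_filter,
    order_by=gcp_logging.DESCENDING,  # newest entries first
    max_results=50,
):
    print(entry.timestamp, entry.payload)
```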

Copyright © 2010-2022 ForgeRock, all rights reserved.