Identity Cloud

Set the data sources

You can skip this section for Identity Cloud tenants. This section is presented for information only.

Autonomous Access automatically uses an out-of-the-box data source, autoaccess-ds, which reads the customer’s data lake in the Identity Cloud tenant’s cloud storage for ML training. You do not need to define any data sources in this case.

The out-of-the-box data source also does not require attribute mapping. You simply define the source on the Autonomous Access Identity Cloud UI (refer to Run training) when setting up your training run.

If you do not have the autoaccess-ds data source, contact ForgeRock for assistance.

Autonomous Access uses cloud storage data for its ML training runs and Elasticsearch data for its heuristic predictions. The Autonomous Access result journey node collects data and stores it in cloud storage; it also stores risky events in Elasticsearch.

The general guidelines for customer data storage are as follows:

  • Three months of access logs. The Autonomous Access activity dashboard displays the anomalous accesses that occurred over the past three months. As a result, Autonomous Access requires three months or more of customer data in Elasticsearch for optimal results.

  • Google Cloud storage. Autonomous Access requires six months of customer data for optimal AI/ML analytics results.

  • Secure data. All customer data resides within each customer’s private tenant and cannot be accessed externally to the tenant.

In general, you may have to define data sources for the following cases:

  • Demos. Customers who want to do a POC with their own data but are not current Identity Cloud customers may need to set up and define their own data sources. Typically, we load three months of access logs into a GCP data bucket and point to that location within the data source configuration presented below.

Verify the default data source

  1. On the Autonomous Access UI, click Risk Administration > Data Sources.

  2. Verify that the autoaccess-ds is present and activated.

You do not have to set the mapping as it is configured already. Next, set the Risk Configuration.

Set the data source (if not using the default data source)

  1. On the Autonomous Access UI, click Risk Administration > Data Sources.

  2. On the Data Sources page, click Add Data Source.

  3. On the Add Data Source dialog, select the data bucket in the Bucket Search field.

  4. For Object Prefix, click Define from Prefix, and enter the following:

    1. Name (of the Data Source). Add a descriptive name for the data source.

    2. Bucket Name. Add the data bucket for the data source.

    3. Prefix. Add a prefix.

  5. Click Save. The new data source is displayed on the page. The Status column displays the current state of the data source.

  6. At this stage, you need to set attribute mapping between your data source and the schema. Click the trailing dots, and select Create or Edit Mapping.

  7. Under Data Source, select the attribute to map to the Auto Access feature. Repeat for as many attributes as you can. Note that you cannot add attributes to the list of attributes.

  8. Click Preview Feature Mapping to review the mapping, and then click Save if satisfied.

  9. The data source will be in an Inactive state. You must now activate the data source to use it in the training run. Click the trailing dots, and select Activate. The data source is now in an active state.

    You have successfully set up or confirmed your data source(s) and mappings. Next, you can set the Risk Configuration.

Copyright © 2010-2024 ForgeRock, all rights reserved.