Adaptive Authentication

Adaptive authentication in CAS allows you to accept or reject authentication requests based on certain characteristics of the client browser and/or device. When configured, you are provided with options to block authentication requests from certain locations submitted by certain browser agents. For instance, you may consider authentication requests submitted from London, UK to be considered suspicious, or you may want to block requests that are submitted from Internet Explorer, etc.

Adaptive authentication can also be configured to trigger multifactor based on specific days and times. For example, you may wish to trigger multifactor on select days or if the current hour is after 11pm or before 6am. Each rule block may be assigned to an mfa provider where successful matching of rules allows for the multifactor trigger to execute.

Configuration

To see the relevant list of CAS properties, please review this guide.

To enable adaptive authentication, you will need to allow CAS to geo-locate authentication requests. To learn more, please see this guide

Risk-based Authentication

CAS is able to track and examine authentication requests for suspicious behavior. To learn more, please see this guide.