Authentication Intelligence

About Authentication Intelligence

Authentication Intelligence enables customers to extend the lifetime of the login session for authentic users. A typical web login session usually expires in 30 minutes or an hour. Authentication Intelligence enables implicit login for eligible users, extending the session lifetime to weeks or months without reducing the security of the login session. This provides more conversions with frictionless authentication experience, a better user experience, and reduced customer support costs due to authentication friction.

How Authentication Intelligence works

As the user visits the customer’s web page, Authentication Intelligence's Javascript (JS) talks to the Authentication Intelligence API server to retrieve the encrypted recommendation in the background. When the user logs in or visits account pages requiring logged-in status, the extension recommendation is passed to the origin server via Dynamic Modulator.

The flowchart below describes the detailed steps:

  1. When the user visits the enterprise’s website, an asynchronized Authentication Intelligence Javascript is automatically downloaded.
  2. Authentication Intelligence Javascript runs in the background and makes an API call to the Authentication Intelligence server in the cloud to retrieve the encrypted session recommendation signal. The Authentication Intelligence Javascript writes the encrypted session recommendation data as a cookie named DC cookie, which expires in one day by default and is configurable. Every time a page is loaded, values in the DC cookie are checked and updated.
  3. When the user logs in or visits the account pages, the DC cookie is attached to the HTTP request sent to the endpoint.
  4. The Dynamic Modulator performs bot defenses as usual. After the request is determined to be non-automated, the Dynamic Modulator reads the DC cookie and decrypts it to extract the session recommendation in clear text.
  5. When passing the HTTP request to the origin server, the Dynamic Modulator attaches the session recommendation in a designated HTTP header.
  6. Based on the session recommendation header from Authentication Intelligence, the customer’s origin server can decide to extend the session lifetime for authenticated users.
authentication intelligence overview
Figure: Overview of Authentcation Intelligence Workflow

Create long-lived sessions based on Authentication Intelligence recommendations

Authentication Intelligence updates and publishes the recommendation signal for the enterprise to consume in real time. When a device is recognized as eligible, the recommendation will remain eligible until Authentication Intelligence sees additional information proving it’s ineligible for a longer session.

Customized logic needs to be built on the server side to have users authenticated without login challenge in the designed period of extension. The logic also needs to be implemented so the user will be challenged again after the designed period of extension expires. For example, if the desired period of extension is seven days, then the device needs to be challenged again on the eighth day after their previous successful login.