On This Page:
About Authentication Intelligence
Authentication Intelligence enables customers to extend the lifetime of the login session for authentic users. A typical web login session usually expires in 30 minutes or an hour. Authentication Intelligence enables implicit login for eligible users, extending the session lifetime to weeks or months without reducing the security of the login session. This provides more conversions with frictionless authentication experience, a better user experience, and reduced customer support costs due to authentication friction.
How Authentication Intelligence works
The flowchart below describes the detailed steps:
- When the user logs in or visits the account pages, the DC cookie is attached to the HTTP request sent to the endpoint.
- The Dynamic Modulator performs bot defenses as usual. After the request is determined to be non-automated, the Dynamic Modulator reads the DC cookie and decrypts it to extract the session recommendation in clear text.
- When passing the HTTP request to the origin server, the Dynamic Modulator attaches the session recommendation in a designated HTTP header.
- Based on the session recommendation header from Authentication Intelligence, the customer’s origin server can decide to extend the session lifetime for authenticated users.
Create long-lived sessions based on Authentication Intelligence recommendations
Authentication Intelligence updates and publishes the recommendation signal for the enterprise to consume in real time. When a device is recognized as eligible, the recommendation will remain eligible until Authentication Intelligence sees additional information proving it’s ineligible for a longer session.
Customized logic needs to be built on the server side to have users authenticated without login challenge in the designed period of extension. The logic also needs to be implemented so the user will be challenged again after the designed period of extension expires. For example, if the desired period of extension is seven days, then the device needs to be challenged again on the eighth day after their previous successful login.