Use case: View the riskiest users and locations based on past activity in ForgeRock Identity Cloud

Use case overview

The ability to view which users and locations are risky based on past activity is a common use case that can be easily achieved using the Autonomous Access service in ForgeRock Identity Cloud.

For this use case, we’ll demonstrate how you can use the Autonomous Access Risk dashboard to get a view of anomalous and risky access attempts by users and get context on threats.

NOTE: You’ll need an Identity Cloud tenant with the Autonomous Access add-on service.

Autonomous Access Risk dashboard

For a comprehensive overview of the Risk dashboard, see A tour of the Risk dashboard.

To access the Risk dashboard and view event details:

  1. Sign in to the Identity Cloud admin UI using your admin tenant URL, in the format https://<tenant-name>/am/XUI/?realm=/#/.

  2. Go to Dashboard > Risk.

    The dashboard shows the geographic locations of high-risk access events.

  3. Click on an event to get a detailed view of the activity, including:

    • Date and time of the occurrence
    • Risk score
    • Type of risk threat
    • Geolocation
    • Device and browser type
    • User’s previous risky authentication attempts


Filtering the data

You can filter the results shown on the Risk dashboard by date range, risk score, attributes and risk reason.

To filter on a date range:

To filter on risk score:

To filter on attributes and risk reason:

  1. Click the Filters filter.

  2. Select the feature to filter on (city, country, device, device type, OS, OS version, time of day, user agent, user ID) and select a value.

  3. Select the risk reason(s) to filter on. You can select multiple risk reasons.

  4. Click Apply.

    The filtered results are displayed on the dashboard.
