Use case: View the riskiest users and locations based on past activity in ForgeRock Identity Cloud

Use case overview

The ability to view which users and locations are risky based on past activity is a common use case that can be easily achieved using the Autonomous Access service in ForgeRock Identity Cloud.

For this use case, we’ll demonstrate how you can use the Autonomous Access Risk dashboard to get a view of anomalous and risky access attempts by users and get context on threats.

NOTE: You’ll need an Identity Cloud tenant with the Autonomous Access add-on service.

Autonomous Access Risk dashboard

For a comprehensive overview of the Risk dashboard, see A tour of the Risk dashboard.

To access the Risk dashboard and view event details:

  1. Sign in to the Identity Cloud admin UI using your admin tenant URL, in the format https://<tenant-name>/am/XUI/?realm=/#/.

  2. Go to Dashboard > Risk.

    The dashboard shows the geographic locations of high-risk access events.

  3. Click on an event to get a detailed view of the activity, including:

    • Date and time of the occurrence
    • Risk score
    • Type of risk threat
    • Geolocation
    • Device and browser type
    • User’s previous risky authentication attempts

    For example:

Filtering the data

You can filter the results shown on the Risk dashboard by date range, risk score, attributes and risk reason.

To filter on a date range:

To filter on risk score:

To filter on attributes and risk reason:

  1. Click the Filters filter.

  2. Select the feature to filter on (city, country, device, device type, OS, OS version, time of day, user agent, user ID) and select a value.

  3. Select the risk reason(s) to filter on. You can select multiple risk reasons.

  4. Click Apply.

    The filtered results are displayed on the dashboard.

Additional resources


Other resources:

1 Like