Adaptive authentication

The main feature of nevisAdapt is to provide adaptive authentication. Adaptive authentication means that different kinds of security measures are applied to authenticate a user, based on the user situation and context when attempting to log in.

As adaptive authentication mainly affects the login flow, we recommend integrating the nevisAdapt service directly into nevisAuth, by using the nevisAdapt Authentication Connector. In this case, nevisAdapt has its own authentication step, which calls the nevisAdapt service. Depending on the aggregated risk score, this leads to different scenarios, such as sending a notification email. For further information, see the chapter NevisAdaptAuthState.

Risk-based authentication flow

In the current version, both medium and high risk scenarios are available. This means that different behavior can be configured for each threshold.

Event-based authentication flow

Another option to determine the next authentication step is to check the events based on the observations to a predefined list of combinations. The first rule that is satisfied directly references the next step, the rest of the list is not checked. All event combinations can potentially lead to a different authentication step.