
User-Defined Policy Predicate

Basics

Basic knowledge of the Ruby programming language is required to use this predicate.

Given a code expression, this predicate runs the expression with the current user context available to it. If the expression returns true, the predicate is met. If it returns false, raises a runtime error, or takes longer than 100 milliseconds to evaluate, the predicate fails.

For example, the following expression checks whether the authentication time in UTC is not between 8 AM and 6 PM:

    Time.now.utc.hour < 8 || Time.now.utc.hour >= 18

The following condition is met when the user's browser IP address is within the 74.50.X.X range:

    IPAddr.new('74.50.0.0/16').include?(context.auth_request.ip_address)

Context

We provide contextual information about the user, such as LOA score, location and network, so that it can be used to develop the condition.

The context is available in the code as a variable named context. For example, context.auth_request.ip_address returns the user's IP address.

Here are the available context attributes:

| Name | Type | Description |
| --- | --- | --- |
| auth_request | AuthRequest | Authentication Request Information |
| user_mobile | UserMobile | Information from user mobile app |
| mobile_vs_auth_request_distance | MobileVsAuthRequestDistance | The distance between the user mobile device and the authenticating device e.g. browser |

AuthRequest

| Name | Type | Description |
| --- | --- | --- |
| country | String | The user country [1] |
| ip_address | String | The user public IP address |
| latitude | Float | Authenticating device (e.g. browser) location latitude [1] |
| longitude | Float | Authenticating device (e.g. browser) location longitude [1] |
| groups | Array of String | The groups the user is a member of (Active Directory groups if your instance is integrated with it) |
| loa_score | Float | Current LOA score of the user based on the current situation |
| user_id | Integer | Current user unique identifier |

[1] All attributes based on geo-location require the end user to permit the browser to track their location.

UserMobile

| Name | Type | Description |
| --- | --- | --- |
| os | String | User mobile device operating system |
| app_version | String | Running mobile application version |
| latitude | Float | Mobile device location latitude |
| longitude | Float | Mobile device location longitude |
| ip_address | String | Mobile device IP address |
| user_id | Integer | Current user unique identifier sent from the mobile app |

MobileVsAuthRequestDistance

| Name | Type | Description |
| --- | --- | --- |
| kilometers | Float | Distance in kilometers |
| meters | Float | Distance in meters |
| miles | Float | Distance in miles |
| feet | Float | Distance in feet |
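The outcome rules from Basics (true is met; false, a runtime error, or more than 100 ms fails) can be exercised locally before a predicate is deployed. The following is an added example, not the product's own evaluator: the Struct classes, `predicate_met?`, `sample_context`, the `vpn-users` group and all sample values are hypothetical, and it assumes an unavailable distance arrives as nil.

```ruby
require 'ipaddr'
require 'timeout'

# Constructed stand-ins for the documented context objects (hypothetical,
# not the product's classes); only the attributes used below are modelled.
AuthRequest = Struct.new(:ip_address, :groups, keyword_init: true)
Distance    = Struct.new(:kilometers, keyword_init: true)
Context     = Struct.new(:auth_request, :mobile_vs_auth_request_distance,
                         keyword_init: true)

# Local approximation of the documented outcome rules: met only when the
# expression returns true; false, a runtime error, or more than 100 ms of
# evaluation all fail the predicate. Treating only literal true as "met"
# is an assumption about how truthy values are handled.
def predicate_met?(context, limit: 0.1)
  Timeout.timeout(limit) { yield(context) == true }
rescue StandardError, Timeout::Error
  false
end

# Predicate under test: corporate range, group membership, phone within 1 km.
NEAR_OFFICE = lambda do |context|
  IPAddr.new('74.50.0.0/16').include?(context.auth_request.ip_address) &&
    context.auth_request.groups.include?('vpn-users') &&
    context.mobile_vs_auth_request_distance.kilometers < 1.0
end

# Builds a constructed context; all values are sample data.
def sample_context(ip:, groups: ['vpn-users'], km: 0.2)
  Context.new(
    auth_request: AuthRequest.new(ip_address: ip, groups: groups),
    mobile_vs_auth_request_distance: Distance.new(kilometers: km)
  )
end

def run_cases
  {
    in_range_nearby: predicate_met?(sample_context(ip: '74.50.12.9'), &NEAR_OFFICE),
    out_of_range:    predicate_met?(sample_context(ip: '203.0.113.7'), &NEAR_OFFICE),
    # Assumption: a distance that could not be computed arrives as nil,
    # so the comparison raises NoMethodError and the predicate fails.
    no_location:     predicate_met?(sample_context(ip: '74.50.12.9', km: nil), &NEAR_OFFICE),
    too_slow:        predicate_met?(sample_context(ip: '74.50.12.9')) { |_c| sleep 0.3; true }
  }
end

run_cases.each { |name, met| puts "#{name}: #{met ? 'met' : 'failed'}" }
```

Because a runtime error counts as a failed predicate, a predicate written as a deny condition never triggers when an attribute it reads is missing; guard such attributes explicitly if a missing value should count as suspicious.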