User has already trusted a device and a cookie is available in browser. User performs more than 5 login attempts in an hour (i.e.:- User velocity rule valid and risk score: INCREASEAUTH). User gets an OTP and trusts this time with new name. risk minder checks already a device id exists for this and updates the association name.
Our use case :
We are fetching all device association names for a users via list device call and providing end user ability to manage it(for ex: Delete a device association from its trust list)
User will start seeing an existing device association not available in list of trusted devices as there is no notification to them on association rename for above explained scenario.
Ideally the AFM should only trigger device trust page if only it is a device related rule that triggered INCREASEAUTH and the association does not already exist. In all the increaseauth cases no trust page should be triggered.