No trust page for increaseauth rule not related to device ID or association

Idea created by RaviSapare on Oct 18, 2017
    New
    Score3
    • RaviSapare
    • Breandan
    • AlecC
    Device association getting renamed for below scenario.

    User has already trusted a device and a cookie is available in browser. User performs more than 5 login attempts in an hour (i.e.:- User velocity rule valid and risk score: INCREASEAUTH). User gets an OTP and trusts this time with new name. risk minder checks already a device id exists for this and updates the association name.

    Our use case :

    We are fetching all device association names for a users via list device call and providing end user ability to manage it(for ex: Delete a device association from its trust list)

    Concern:

    User will start seeing an existing device association not available in list of trusted devices as there is no notification to them on association rename for above explained scenario. 

    Idea:

    Ideally the AFM should only trigger device trust page if  only it is a device related rule that triggered INCREASEAUTH and the association does not already exist. In all the increaseauth cases no trust page should be triggered.