1/63
Contents
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
What's New in Oracle Adaptive Access Manager 11.1.2?
New Features for Oracle Adaptive Access Manager 11.1.2.0
Feature Comparison Chart - Oracle Adaptive Access Manager 11.1.2.0 vs. Oracle Adaptive Access Manager 11.1.1.3.0
Concepts and Terminology Changes for Oracle Adaptive Access Manager 11
g
Part I Getting Started with Oracle Adaptive Access Manager
1
Introduction to Oracle Adaptive Access Manager
1.1
Introduction to Oracle Adaptive Access Manager
1.2
Oracle Adaptive Access Manager Features
1.2.1
Autolearning
1.2.2
Configurable Risk Engine
1.2.3
Virtual Authentication Devices
1.2.4
Device Fingerprinting
1.2.5
Knowledge-Based Authentication
1.2.6
Answer Logic
1.2.7
OTP Anywhere
1.2.8
Mobile Access Security
1.2.9
Universal Risk Snapshot
1.2.10
Fraud Investigation Tools
1.2.11
Policy Management
1.2.12
Dashboard
1.2.13
Reports
1.3
Oracle Adaptive Access Manager Component Architecture
1.4
Deployment Options
1.5
System Requirements and Certification
2
Setting Up the OAAM Environment
2.1
Prerequisites
2.2
Setting Up the Base Environment
2.3
Setting Up the CLI Environment
2.3.1
Set up the CLI Work Folder
2.3.2
Set Up the Credential Store Framework (CSF) Configuration
2.3.2.1
Configure OAAM Database Details with CSF without MBeans
2.3.2.2
Configure OAAM Database Details with CSF with MBeans
2.3.3
Setting Up Oracle Adaptive Access Manager Database Credentials
2.3.4
Using Persistence Instead of Setting Database Credentials in the Credential Store Framework
2.4
Setting Up Encryption and Database Credentials for Oracle Adaptive Access Manager
2.4.1
Prerequisites for Setting Up Encryption and Database Credentials
2.4.2
Setting up the Encoded Secret Key for Encrypting Configuration Values
2.4.3
Setting Up Encoded Secret Key for Encrypting Database Values
2.4.4
Generating an Encoded Secret Key
2.4.5
Adding the Encoded Symmetric Key to the Credential Store Framework
2.4.6
Setting Up Oracle Adaptive Access Manager Database Credentials in the Credential Store Framework
2.4.7
Backing Up Database Credentials and Encoded Secret Keys for Encrypting the Database and Configuration Values
2.5
Creating OAAM Users
2.6
Importing the OAAM Snapshot
2.7
Importing IP Location Data
2.8
Enabling OTP
2.9
Setting the Time Zone Used for All Time Stamps in the OAAM Administration Console
2.10
Using Different Encryption Algorithms and Adding New Encryption Extensions
3
Getting Started with Common Administration and Navigation
3.1
Starting and Stopping Components in Your Deployment
3.2
Signing In to Oracle Adaptive Access Manager 11
g
3.3
OAAM Administration Console and Controls
3.4
Navigation Panel
3.5
Navigation Tree
3.5.1
Navigation Tree Structure
3.5.2
Navigation Tree Menu and Toolbar
3.6
Policy Tree
3.7
Management Pages
3.7.1
Search Pages
3.7.1.1
Elements in the Search Form
3.7.1.2
Search Results Table
3.7.1.3
Search Results Menu and Toolbar
3.7.1.4
Select All
3.7.1.5
Create and Import
3.7.1.6
Close Multiple Tabs
3.7.2
Detail Pages
3.8
Dashboard
3.9
Online Help
3.10
Search, Create, and Import
3.11
Export to Excel
3.12
Access Level to OAAM Admin
Part II Customer Service and Forensics
4
Managing and Supporting CSR Cases
4.1
Introduction and Concepts
4.1.1
Case
4.1.1.1
CSR Cases
4.1.1.2
Escalated Cases
4.1.2
Customer Service Representative (CSR)
4.1.3
CSR Manager
4.1.4
Locked Status
4.1.5
Temporary Allow
4.1.6
Case Status
4.1.7
Severity Level
4.1.8
Expiration Date
4.1.9
Customer Resets
4.2
CSR and CSR Manager Role Permissions
4.3
Getting Started
4.4
Cases Search Page
4.4.1
Searching for Cases
4.4.2
Viewing a List of Cases
4.4.3
Viewing a List Cases You are Currently Working On
4.4.4
Searching for Open and Closed Cases
4.4.5
Searching Case by Description Keyword
4.4.6
Viewing a List of Cases
4.5
Case Details Page
4.5.1
Case Actions
4.5.2
Viewing Case Details
4.5.3
Viewing User Details
4.6
Viewing Case Activity
4.6.1
Viewing the Case History
4.6.2
Searching the Log of a Case
4.6.3
Viewing Escalated Case Logs and Notes
4.7
Viewing Customer's Sessions
4.7.1
Viewing a Customer's Session History
4.7.2
Searching for a Customer's Sessions
4.7.3
Searching for a Customer's Sessions by Device ID or Date Range
4.7.4
Filtering the Session History by Authentication Status or Alert Level
4.7.5
Viewing Transactions in the Sessions History
4.8
Creating a CSR Case
4.8.1
Creating a Case
4.8.2
Creating a Case Like Another Case
4.9
Performing Customer Resets
4.9.1
Resetting Image
4.9.2
Resetting Phrase
4.9.3
Resetting Image and Phrase
4.9.4
Unregistering Devices
4.9.5
Resetting OTP Profile
4.9.6
Resetting Virtual Authentication Device
4.9.7
Unlocking OTP
4.9.8
Resetting All Registration Data, Challenge Counters, and OTP Contact and Delivery Information
4.10
Performing Challenge Question Resets
4.10.1
Performing Challenge Questions Related Actions
4.10.2
Resetting Challenge Questions
4.10.3
Resetting Challenge Questions and the Question Set
4.10.4
Incrementing a Customer to His Next Question
4.10.5
Unlocking a Question (KBA)
4.10.6
Performing KBA Phone Challenge
4.11
Enabling a Temporary Allow
4.12
Performing Case Actions
4.12.1
Adding Notes to Cases
4.12.2
Changing Severity Level of a Case
4.12.3
Changing Status of a Case
4.12.3.1
Changing Case Status to Pending
4.12.3.2
Closing a Case
4.12.3.3
Authenticating Closed Cases
4.12.4
Extending Expiration
4.12.5
Escalating a CSR Case to an Agent Case
4.12.6
Bulk-Editing CSR Cases
4.13
Reporting
4.14
Multitenancy
4.14.1
Enabling Multitenancy
4.14.2
Changing Permissions
4.14.3
Access to Cases
4.14.4
Searching Sessions
4.14.5
Examples of Multitenancy in OAAM
4.14.5.1
CSR Creates a Case
4.14.5.2
CSR is unable to Create Case Successfully for Organization and Login Combination
4.14.5.3
CSR is able to Create Case Successfully for Organization and Login Combination
4.14.5.4
CSR Has Access to More Than One Organization ID Is Unable to Create Case
4.14.5.5
CSR Has Access to More Than One Organization ID is able to Create Case Successfully
4.14.5.6
CSR Who Cannot Access Any Organization Tries to Create Case
4.14.5.7
CSR Acts On Case
4.14.5.8
CSR Views Case Details
4.14.5.9
CSR Searches Sessions
4.14.5.10
Agent Creates a Case
4.14.5.11
CSR Searches Cases
4.15
Use Cases
4.15.1
Use Case: Customer Session Search and Case Creation
4.15.2
Use Case: Reset Challenge Questions
4.15.3
Use Case: Reset Image and Phrase
4.15.4
Use Case: Bulk Edit CSR Cases
4.15.5
Use Case: CSR Manager Bulk Case Edit
4.15.6
Use Case: CSR - Ask Questions
4.16
Best Practices and Recommendations
5
Investigation Using OAAM
5.1
Fraud Investigation
5.1.1
What is Fraud Investigation?
5.1.2
Fraud Investigation Roles
5.1.3
What is an Agent Case?
5.1.4
How are Agent Cases Created?
5.1.4.1
Manually Created Case
5.1.4.2
Auto-Generated Case
5.1.4.3
Escalated Cases
5.1.5
Case Ownership
5.1.6
How Fraud Investigators Use Agent Cases for Investigation?
5.1.7
Closing a Case
5.1.8
Agent Case Feedback
5.2
Investigation Workflow
5.3
OAAM Investigation Search and Analysis Features
5.3.1
Agent Case Search
5.3.2
Search for Sessions and Transactions
5.3.2.1
Sessions Search
5.3.2.2
Transaction Search
5.3.3
Utility Panel
5.3.4
Compare Transactions
5.3.5
Add and Remove Fields
5.3.6
Add to Group
5.3.6.1
Use Case: Add Data to Group
5.3.7
Link Sessions to an Agent Case
5.3.8
Select Transaction to Link Sessions to a Case
5.3.9
View High Alerts in Sessions and Transactions
5.3.10
Search for Suspect Transactions to Review
5.3.11
View Transaction and Entity Data
5.3.12
Identify Related Sessions and Transaction
5.3.13
View Transactions from the Filtered Transaction Page
5.3.14
Compare Transactions
5.3.14.1
Use Case: Comparing Transaction Data
5.3.15
Add the Data Element Utilized in the Fraudulent Transactions to a Group
5.3.15.1
Search from existing group
5.3.15.2
Create New Group to Add Data Element to
5.3.16
Close a Case with a Disposition
5.3.17
Search for Auto-Generated Agent Cases with Current Status "New" and Open Case
5.3.18
View Linked Sessions
5.3.19
View Relevant Transaction's Details Such Transactional and Summary Data
5.3.19.1
View Summary Information
5.3.19.2
View Transaction Data
5.3.19.3
View Session Data
5.3.20
View Transaction or Session Oriented Results
5.3.21
Compare Multiple Instances of the Same Transactions
5.3.21.1
Use Case: Comparing Transaction Data
5.3.22
Add Case Notes
5.3.23
Close a Case with a Disposition
5.3.24
Open a Newly Escalated Case
5.3.25
View Case Logs
5.3.26
View User Data
5.3.27
View Case Details
5.3.28
Search for Potentially Suspicious Sessions Based on Various Criteria
5.3.29
View a List of Sessions Matching Specified Criteria
5.3.30
View Forensic Record and General Details of a Session
5.3.30.1
Runtime Information
5.3.30.2
Action, Alerts, and Scores
5.3.30.3
Outcomes from Each Checkpoints
5.3.31
Searching for Transactions
5.3.32
Searching for Transactions by Entities of a Single Transaction Type
5.3.32.1
Use Case: Search by Entity Fields
5.3.32.2
Use Case: Search for ATM Transactions By ATM Card
5.3.32.3
Use Case: List All Account Numbers and Amount Transferred Each Time
5.3.33
Searching Transactions by a Combination of Entities and Transaction Data
5.3.33.1
Use Case: Search by Entity and Transaction Data
5.3.34
Searching Transactions by Entities Across Multiple Transaction Types
5.3.34.1
Use Case: Search Credit Card in Different Transactions (Shopping Cart and Retail Ecommerce)
5.3.35
Opening Details Pages from Sessions Search Page
5.3.36
Viewing a Particular Alert for a Session
5.3.37
Viewing Transaction Search Results
5.3.37.1
Use Case: View Transaction Details
5.3.38
Linking Sessions to a New Case
5.3.39
Linking Sessions to a Case from Case Details
5.3.40
Verifying Entities in a Group
5.3.41
Exporting Linked Session for Further Analysis
5.3.42
Unlinking Linked Sessions
5.3.43
Saving Case Details for Later Reference, Portability and Offline Investigation
5.3.44
Using OAAM BI Publisher Reports for Investigation and Forensics
5.3.44.1
Session Activity Aggregates
5.3.44.2
Search Sessions By Case Disposition
5.4
Managing Cases
5.4.1
Searching for Agent Cases
5.4.2
Create Agent Cases
5.4.2.1
Creating an Agent Case Manually
5.4.2.2
Creating a Case Like Another Agent Case
5.4.2.3
Search and Select and Create a New Case Feature
5.4.2.4
Setting Up OAAM to Create an Agent Case Automatically
5.4.3
Closing Multiple Cases
5.4.4
Changing Severity Level of a Case
5.4.5
Changing Status of a Case
5.4.5.1
Changing the Status of a Case Manually
5.4.6
Bulk-Editing Agent Cases
5.5
Multitenant Access Control
5.6
Best Practices and Recommendations
6
Viewing Additional Details for Investigation
6.1
Details Pages Overview
6.2
Details Page Structure
6.3
Prerequisites
6.3.1
Multitenant Access
6.3.2
View Transactions in Session Details
6.4
Searching for Sessions
6.5
Export Sessions to Excel
6.6
Add to Group
6.6.1
Add to Group From Sessions
6.6.2
Add to Group from Details Pages
6.7
Session Details Page
6.8
Looking at Events from a Higher Level with Session Details
6.8.1
Policy Explorer
6.8.2
Using Session Details to View Runtime Information
6.8.2.1
Session Details
6.8.2.2
Policies
6.8.2.3
Transactions
6.8.3
Action, Alerts, and Scores
6.8.4
Outcomes from Each Checkpoints
6.9
Investigation and the Importance of Details Pages
6.10
Viewing Alerts
6.11
User Details Page
6.11.1
User Details: Summary Tab
6.11.2
User Details: Groups Tab
6.11.3
User Details: Devices Tab
6.11.4
User Details: Locations Tab
6.11.5
User Details: Sessions Tab
6.11.6
User Details: Alerts Tab
6.11.7
User Details: Fingerprint Data
6.11.8
User Details: Policies Tab
6.11.9
User Details Tasks
6.11.9.1
View general user information, registration information, and profile information
6.11.9.2
View the actions performed by the user during registration
6.11.9.3
View statistics about the user
6.11.9.4
Search and view the different devices used for a user to get additional information like the number of times a device is used by a user and the successful and unsuccessful login attempts from each device
6.11.9.5
Search and view the different user groups with which a user is associated
6.11.9.6
Search and view the different locations used for a user to get additional information such as the number of times a location is used by a user and the successful and unsuccessful login attempts from each location
6.11.9.7
Search and view all the alerts triggered and generated for the user
6.11.9.8
Search and view all the login sessions or search login sessions for a particular period for the user
6.11.9.9
View the rules run on the user
6.11.9.10
Search and view the fingerprints created for the user
6.11.9.11
Add user to user group
6.11.9.12
Create a new user group and add user to the newly created group
6.11.9.13
Remove user from user group
6.11.9.14
Navigate to other details pages for groups, alerts, devices, locations, sessions, policy, rules and fingerprints
6.12
IP or Locations (Country, State, or City) Details Page
6.12.1
Location Details: Summary Tab
6.12.2
Location Details: Groups Tab
6.12.3
Location Details: Users Tab
6.12.4
Location Details: Devices Tab
6.12.5
Location Details: Alerts Tab
6.12.6
Location Details: Sessions Tab
6.12.7
Location Details: Fingerprints Tab
6.12.8
Location (Country, State, City, or IP) Details Tasks
6.12.8.1
View general information about the location
6.12.8.2
Search and view the different location groups to which a location is associated or belongs
6.12.8.3
Add location to existing location group
6.12.8.4
Create a location group and add location to it
6.12.8.5
Search and view the different users that logged in from the location get additional information like the number of times a user logged in from the location and the successful and unsuccessful login attempts from the location by each user
6.12.8.6
Search and view the different devices that logged in from the location get additional information like the number of times a device logged in from the location and the successful and unsuccessful login attempts from the location by each device
6.12.8.7
Search and view all the alerts triggered and generated for the location
6.12.8.8
Search and view all the login sessions or search login sessions for a particular period for the location
6.12.8.9
Search and view the fingerprints created for the location
6.12.8.10
Navigate to other details pages for groups, alerts, devices, users, sessions and fingerprints
6.13
Device Details Page
6.13.1
Device Details: Summary Tab
6.13.2
Device Details: Groups Tab
6.13.3
Device Details: Users Tab
6.13.4
Device Details: Locations Tabs
6.13.5
Device Details: Alerts Tab
6.13.6
Device Details: Sessions Tab
6.13.7
Device Details: Fingerprint Data Tab
6.13.8
Device Details Tasks
6.13.8.1
View general information about the device
6.13.8.2
View flash and browser fingerprint information created for the device
6.13.8.3
Search and view the different device groups to which a device is associated or belongs
6.13.8.4
Add/Remove Device from a Device Group
6.13.8.5
Create a device group and add device to it
6.13.8.6
Search and view the different users that used the device to log in to get additional information like the number of times the device was used by a user and the successful and unsuccessful login attempts for the device by each user
6.13.8.7
Search and view the different locations from which the device was used for log in to get additional information like the number of times the device was used from a location and the successful and unsuccessful login attempts for the device from each location
6.13.8.8
Search and view all the alerts triggered and generated for the device
6.13.8.9
Search and view all the login sessions or search login sessions for a particular period for the device
6.13.8.10
Search and view the fingerprints created for the device
6.13.8.11
Navigate to other details pages for groups, alerts, users, locations, sessions and fingerprints
6.14
Fingerprint Details
6.14.1
Fingerprint Details: Summary Tab
6.14.2
Fingerprint Details: Users Tab
6.14.3
Fingerprint Details: Devices Tab
6.14.4
Fingerprint Details: Locations Tab
6.14.5
Fingerprint Details: Sessions Tab
6.14.6
Fingerprint Details: Alerts Tab
6.14.7
Fingerprint Details Tasks
6.14.7.1
View digital fingerprint details
6.14.7.2
View browser fingerprint details
6.14.7.3
Search and view the different users for which the fingerprint was used
6.14.7.4
Search and view the different devices for which the fingerprint was used
6.14.7.5
Search and view the different locations for which the fingerprint was used
6.14.7.6
Search and view all the login sessions or search login sessions for a particular period for the fingerprint
6.14.7.7
Navigate to other details pages for users, devices, sessions and locations
6.15
Alert Details Page
6.15.1
Alert Details: Summary Tab
6.15.2
Alert Details: Users Tab
6.15.3
Alert Details: Devices Tab
6.15.4
Alert Details: Locations Tab
6.15.5
Alert Details: Sessions Tab
6.15.6
Alerts Details: Fingerprint Data
6.15.7
Alert Details Tasks
6.15.7.1
View general information about the alert
6.15.7.2
View alert groups with which an alert is associated
6.15.7.3
Add alert from alert groups
6.15.7.4
Create an alert group and add an alert to it
6.15.7.5
Search and view the different users for which the alert was generated
6.15.7.6
Search and view the different devices for which the alert was generated
6.15.7.7
Search and view the different locations for which the alert was generated
6.15.7.8
Search and view all the login sessions or search login sessions for a particular period for the alert
6.15.7.9
Search and view the fingerprints created
6.15.7.10
Navigate to other details pages for groups, users, devices, locations, sessions and fingerprints
6.16
Uses Cases
6.16.1
Use Case: Search Sessions
6.16.2
Use Case: Session Details Page
6.16.3
Use Case: Checking for Fraudulent Devices and Adding Them to a Group
6.16.4
Use Case: Exporting the Sessions from the Last One Week
6.16.5
Use Case: User Details, Fingerprint Details
6.16.6
Use Case: Device and Location Details
6.16.7
Use Case: IP Details and Adding to Group
6.16.8
Use Case: Viewing the Sessions from a Range of IP Addresses
6.16.9
Use Case: Checking If a User Failed to Login From a Particular Device or IP
6.16.10
Use Case: Checking If Users Logging In from This IP Used Spanish Browsers
6.16.11
Use Case: Adding Devices Used for Fraud from a Location To a Risky Group
6.16.12
Use Case: Adding Suspicious Device to High Risk Device Group
6.16.13
Use Case: Mark Devices and IP Addresses as High Risk
6.16.14
Use Case: Search for Suspicious Sessions and Add Devices to High Risk Group
6.16.15
Use Case: Search Sessions by Alert Message
6.16.16
Use Case: Search Sessions by Geography
6.16.17
Use Case: Search by Comma Separated Values
6.16.18
Use Case: Export Search Sessions Results to Excel
6.16.19
Use Case: Export Search Sessions Results - Export Page to Excel
Part III Managing KBA and OTP
7
Managing Knowledge-Based Authentication
7.1
Introduction and Concepts
7.1.1
Knowledge Based Authentication
7.1.2
Challenge Response Process
7.1.3
Challenge Response Configuration
7.1.4
Registration
7.1.5
Challenge Questions
7.1.6
Question Set
7.1.7
Registration Logic
7.1.8
Answer Logic
7.1.9
Validations
7.1.10
Failure Counters
7.1.11
KBA Resets
7.1.11.1
Reset Challenge Questions
7.1.11.2
Reset Challenge Questions and the Set of Questions to Choose From
7.1.11.3
Increment User to the Next Question
7.1.11.4
Unlock a User
7.1.11.5
Ask Question (KBA Phone Challenge)
7.1.12
Disable Question and Category Logic
7.1.13
Locked Status
7.2
Setting Up KBA Overview
7.2.1
Loading Challenge Questions
7.2.2
Setting Up KBA
7.2.3
Setting Up Challenge
7.2.4
User Flow
7.3
Setting Up the System to Use Challenge Questions
7.3.1
Ensure Policies are Available
7.3.2
Ensuring that KBA Properties/Default Properties are Set
7.3.3
Ensure Challenge Questions are Available
7.3.4
Delete or De-activate Challenge Questions (Migration)
7.3.5
Enabling Policies
7.3.6
Configuring the Challenge Question Answer Validation
7.3.7
Configuring the Answer Logic
7.4
Accessing Configurations in KBA Administration
7.5
Managing Challenge Questions
7.5.1
Searching for a Challenge Question
7.5.2
Viewing Question Details and Statistics
7.5.3
Creating a New Question
7.5.4
Creating a Question Like Another Question
7.5.5
Editing a Question
7.5.6
Importing Questions
7.5.7
Exporting Questions
7.5.8
Deleting a Question
7.5.9
Disabling a Question
7.5.10
Activating Questions
7.6
Setting Up Validations for Answer Registration
7.6.1
Using the Validations Page
7.6.2
Adding a New Validation
7.6.3
Editing an Existing Validation
7.6.4
Importing Validations
7.6.5
Exporting Validations
7.6.6
Deleting Validations
7.7
Managing Categories
7.7.1
Searching for a Category
7.7.2
Creating a New Category
7.7.3
Editing a Category
7.7.4
Deleting Categories
7.7.5
Activating Categories
7.7.6
Deactivating Categories
7.8
Configuring the Registration Logic
7.9
Randomizing KBA Questions
7.10
Adjusting Answer Logic
7.10.1
About Answer Logic
7.10.2
Common Response Errors
7.10.2.1
Abbreviations
7.10.2.2
Phonetics
7.10.2.3
Keyboard Fat Fingering
7.10.3
Level of Answer Logic
7.10.3.1
Abbreviation
7.10.3.2
Fat Fingering
7.10.3.3
Phonetics
7.10.3.4
Multiple Word Answers
7.10.4
Configuring Answer Logic
7.10.5
Customizing English Abbreviations and Equivalences for Answer Logic
7.11
Use Cases
7.11.1
Use Case: Create Challenge Question
7.11.2
Use Case: KBA Registration Logic
7.11.3
Use Case: KBA Phone Challenge
7.11.4
KBA Question Edits
7.11.5
KBA Answer Logic Edits
7.12
KBA Guidelines and Recommended Requirements
7.12.1
Best Practice for How Often to Challenge
7.12.2
Best Practices for Managing Questions
7.12.3
Guidelines for Designing Challenge Questions
7.12.4
Guidelines for Answer Input
7.12.5
Other Recommended Requirements
8
Setting Up OTP Anywhere
8.1
Introduction and Concepts
8.1.1
What is a One Time Password
8.1.2
About Out-of-Band OTP Delivery
8.1.3
How Does OTP Work?
8.1.4
OTP Failure Counters
8.1.5
Challenge Type
8.1.6
KBA vs. OTP
8.2
Quick Start
8.3
Setup Roadmap
8.4
Prerequisites for Configuring OTP
8.4.1
Install SOA Suite
8.4.2
Configure the Delivery Channels
8.4.2.1
Email Driver
8.4.2.2
SMPP Driver
8.5
Setting Properties in OAAM for UMS Integration
8.6
Enabling OTP Challenge
8.7
Enabling Registration and Preferences
8.8
Setting Up the Registration Page
8.8.1
Enabling the Opt-Out for OTP Registration and Challenge
8.8.2
Configuring Checkboxes and Fields on the Registration Pages
8.8.2.1
Configure Terms and Conditions Checkboxes
8.8.2.2
Configuring Text Fields on Registration and Preference Pages
8.9
Configuring Your Policies and Rules to Use OTP Challenge
8.10
Customizing OTP Registration Text and Messaging
8.10.1
Customizing Terms and Conditions
8.10.2
Customizing Mobile Input Registration Fields
8.10.3
Customizing Registration Page Messaging
8.10.4
Customizing Challenge Messaging
8.10.5
Customizing the OTP Messaging
8.11
Other Configuration Tasks
8.11.1
Configuring One Time Password Expiry Time
8.11.2
Configure One-Time Password Generation
8.11.3
Configuring Failure Counter
8.11.4
Configuring Challenge Type Devices for OTP
9
KBA and OTP Challenges
9.1
Using KBA and OTP
9.2
Risk Range for KBA and OTP
9.3
KBA and OTP Scenarios
9.3.1
Always Challenge by Group
9.3.2
CSR OTP Profile Reset with High Risk Always Challenge by Group
9.3.3
Unregistered Low Risk User (Risk Score 500 or Below)
9.3.4
Registered Low Risk User (Risk Score 500 or Below)
9.3.5
Unregistered High Risk User (Risk Score Above 500)
9.3.6
Registered High Risk User (Risk Score Above 500)
9.3.7
Register High Risk Lockout
9.3.8
High Risk Exclusion
9.3.9
OTP Challenge with Multi-Bucket Patterns
Part IV Managing Policy Configuration
10
OAAM Policies Concepts and Reference
10.1
Policies Available with OAAM
10.2
Basic Concepts
10.2.1
What Are Rules?
10.2.2
How Do Rules Work?
10.2.3
Security Administrator Role in Rule-Related Activity
10.2.4
What are Conditions?
10.2.5
What are Policies?
10.2.6
What are Action and Alerts?
10.2.7
What is a Policy Set?
10.2.8
What is a Scoring Engine?
10.2.9
What is a Score?
10.2.10
What is Weight?
10.2.11
What is Score Propagation?
10.2.12
How Does Risk Scoring Work?
10.2.13
What are Trigger Combinations?
10.2.14
How Do Trigger Combinations Work?
10.2.15
What are Nested Policies?
10.2.16
What is a Scoring Override?
10.2.17
What are Action and Alert Overrides?
10.2.18
What are Groups?
10.2.18.1
Using Groups
10.2.18.2
User Group Linking
10.2.18.3
Using Action and Alert Groups
10.3
Rule Processing
10.3.1
Rules Engine
10.3.2
Order of Condition
10.3.3
Condition Evaluation
10.3.4
Checkpoints
10.3.5
Controlling the Application Flow
10.3.6
Messaging
10.3.7
Rule Processing Example: How the OAAM Device Max Velocity Rule Settings Work?
10.3.8
Condition Evaluation Example: User: Velocity from Last Success
10.4
OAAM Flows
10.4.1
Authentication Flow
10.4.2
Forgot Password Flow
10.4.3
Reset Password (KBA-Challenge) Flow
10.4.4
Mobile Service Flows with OAAM
10.5
OAAM Security Policies
10.6
Pre-Authentication Policies
10.6.1
OAAM Pre-Authentication
10.6.1.1
Policy Summary
10.6.1.2
OAAM Pre-Authentication Flow Diagram
10.6.1.3
OAAM Pre-Authentication: Details of Rules
10.6.1.4
Trigger Combinations
10.7
Device Identification Policies
10.7.1
OAAM Base Device ID Policy
10.7.1.1
Policy Summary
10.7.1.2
OAAM Base Device ID Flow Diagram
10.7.1.3
OAAM Base Device Policy: Details of Rules
10.7.1.4
OAAM Base Device ID Policy: Trigger Combinations
10.7.2
OAAM Mobile Device ID Policy
10.7.2.1
OAAM Mobile Device ID Policy Summary
10.7.2.2
OAAM Mobile Device ID Flow Diagram
10.7.2.3
OAAM Mobile Device ID Policy: Details of Rules
10.7.2.4
OAAM Mobile Device ID Policy: Trigger Combinations
10.8
Authentipad Policies
10.8.1
OAAM AuthenticationPad
10.8.1.1
OAAM AuthenticationPad Policy Summary
10.8.1.2
OAAM AuthenticationPad Flow Diagram
10.8.1.3
OAAM AuthenticationPad: Details of Rules
10.8.1.4
OAAM AuthenticationPad: Trigger Combinations
10.9
Post-Authentication Policies
10.9.1
OAAM Post-Authentication Security
10.9.1.1
OAAM Post-Authentication Security Policy Summary
10.9.1.2
OAAM Post-Authentication Security Flow Diagram
10.9.1.3
OAAM Post-Authentication Security: Details of Rules
10.9.1.4
OAAM Post-Authentication Security: Trigger Combinations
10.9.2
OAAM Predictive Analysis
10.9.2.1
OAAM Predictive Analysis Policy Summary
10.9.2.2
OAAM Predictive Analysis Flow Diagram
10.9.2.3
OAAM Predictive Analysis Policy: Details of Rules
10.9.2.4
OAAM Predictive Analysis Policy: Trigger Combination
10.9.3
Auto-learning (Pattern-Based) Policy: OAAM Does User Have Profile
10.9.3.1
OAAM Does User Have Profile Policy Summary
10.9.3.2
OAAM Does User Have Profile Flow Diagram
10.9.3.3
OAAM Does User Have Profile: Details of Rules
10.9.3.4
OAAM Does User Have Profile: Trigger Combination
10.9.4
Auto-learning (Pattern-Based) Policy: OAAM Users vs. Themselves
10.9.4.1
OAAM Users vs. Themselves Policy Summary
10.9.4.2
OAAM Users vs. Themselves Flow Diagram
10.9.4.3
OAAM Users vs. Themselves: Details of Rules
10.9.4.4
OAAM Users vs. Themselves: Trigger Combinations
10.9.5
Autolearning (Pattern-Based) Policy: OAAM Users vs. All Users
10.9.5.1
OAAM Users vs. All Users Policy Summary
10.9.5.2
OAAM Users vs. All Users Flow Diagram
10.9.5.3
OAAM Users vs. All Users: Details of Rules
10.9.5.4
OAAM Users vs. All Users: Trigger Combinations
10.10
Registration Policies
10.10.1
OAAM Registration
10.10.1.1
OAAM Registration Policy Summary
10.10.1.2
OAAM Registration Flow Diagram
10.10.1.3
OAAM Registration: Details of Rules
10.10.1.4
OAAM Registration: Trigger Combinations
10.11
Challenge Policies
10.11.1
OAAM Challenge
10.11.1.1
OAAM Challenge Policy Summary
10.11.1.2
OAAM Challenge Flow Diagram
10.11.1.3
OAAM Challenge: Details of Rules
10.11.1.4
OAAM Challenge: Trigger Combinations
10.12
Customer Care Policies
10.12.1
OAAM Customer Care Ask Question
10.12.1.1
OAAM Customer Care Ask Question Policy Summary
10.12.1.2
OAAM Customer Care Ask Question: Details of Rules
10.12.1.3
OAAM Customer Care Ask Question: Trigger Combinations
10.13
Use Cases
10.13.1
Use Case: WebZIP Browser
10.13.2
Use Case: IP Address Risky User OTP Challenge
10.13.3
Use Case: Anonymizer IP Address - From the Group
10.13.4
Use Case: Pattern Based Evaluation
11
Managing Policies, Rules, and Conditions
11.1
Discovery and Policy Development
11.1.1
Security Policy Development Process
11.1.1.1
Overview
11.1.1.2
Edit Policy: Research and Troubleshooting
11.1.1.3
New Policy: Discovery and Research
11.1.1.4
Edit Existing or Create New Policy: Requirements and Planning
11.1.1.5
Edit Existing or Create New Policy: Configuration
11.1.1.6
Edit Existing or Create New Policy: Testing
11.1.1.7
Edit Existing or Create New Policy: Deployment to Production
11.1.2
Discovery Process Overview
11.1.3
Example Scenario: Transaction Security
11.1.3.1
Problem Statement
11.1.3.2
Inputs Available
11.1.3.3
Evaluation
11.1.3.4
Outcomes
11.1.3.5
Translation
11.1.3.6
Alert
11.1.4
Example Scenario: Login Security
11.1.4.1
Problem Statement
11.1.4.2
Inputs Available
11.1.4.3
Evaluation
11.1.4.4
Outcome
11.1.4.5
Translation
11.1.4.6
Action
11.1.5
Evaluation and Deployment
11.2
Creating Policies
11.3
Linking a Policy to All Users or a User ID Group
11.4
Creating Rules
11.4.1
Starting the Rule Creation Process
11.4.2
Specifying General Rule Information
11.4.3
Configuring Preconditions
11.4.4
Adding Conditions
11.4.5
Specifying Results for the Rule
11.4.6
Adding or Copying a Rule to a Policy
11.5
Setting Up Trigger Combinations
11.6
Managing Policies
11.6.1
Navigating to the Policies Search Page
11.6.2
Searching for a Policy
11.6.3
Viewing a Policy or a List of Policies
11.6.4
Viewing Policy Details
11.6.5
Editing a Policy's General Information
11.6.6
Activate/Disable Policies
11.6.7
Deleting Policies
11.6.8
Copying a Policy to Another Checkpoint
11.6.9
Changing the Sequence of the Trigger Combination
11.6.10
Deleting a Trigger Combination
11.7
Managing Rules
11.7.1
Copying a Rule to a Policy
11.7.2
Navigating to the Rules Search Page
11.7.3
Searching for Rules
11.7.4
Viewing More Details of a Rule
11.7.5
Editing Rules
11.7.5.1
Modifying the Rule's General Information
11.7.5.2
Specifying Preconditions
11.7.5.3
Specifying the Results for a Rule
11.7.6
Activate/Disable Rule
11.7.7
Deleting Rules
11.8
Managing Conditions
11.8.1
Searching Conditions
11.8.2
Adding Conditions to a Rule
11.8.3
Editing Rule Parameters
11.8.4
Viewing the Condition Details of a Rule
11.8.5
Changing the Order of Conditions in a Rule
11.8.6
Deleting Conditions
11.8.7
Deleting Conditions from a Rule
11.9
Exporting and Importing
11.9.1
Exporting a Policy
11.9.2
Importing Policies
11.9.3
Importing a Policy With the Same Name as an Existing Policy
11.9.4
Importing Conditions
11.9.5
Exporting a Condition
11.10
Evaluating a Policy within a Rule
11.11
Best Practices
12
Managing Groups
12.1
About Groups
12.2
Group Types
12.3
Group Usage
12.4
User Flows
12.5
Navigating to the Groups Search Page
12.6
Searching for a Group
12.7
Viewing Details about a Group
12.8
Adding an Entity to a Group
12.9
Group Characteristics
12.10
Creating a Group
12.10.1
Defining a Group
12.10.2
Adding Members to a Group
12.11
Creating a New Element/Member to Add to the Group (No Search and Filter Options)
12.12
Filtering an Existing List to Select an Element to Add to the Group (No Creation of a New Element)
12.12.1
Adding a City to a Cities Group
12.12.2
Adding a State to a States Group
12.12.3
Adding a Country to a Country Group
12.13
Searching for and Adding Existing Elements or Creating and Adding a New Element
12.13.1
Selecting an Element to Add as a Member to the Group
12.13.2
Creating an Element (Member) to Add to the Group
12.14
Adding Alerts to a Group
12.14.1
Selecting an Existing Alert to Add to the Alert Group
12.14.2
Creating a New Alert to Add to the Alert Group
12.15
Searching for and Adding Existing Elements
12.15.1
Selecting an Element to Add as a Member to the Group
12.15.2
Adding Actions to an Action Group
12.15.2.1
Selecting an Existing Action to Add to an Action Group
12.15.2.2
Creating a New Action to Add to an Action Group
12.16
Editing a Member of a Group
12.17
Removing Members of a Group
12.18
Removing a User from a User Group
12.19
Exporting and Importing a Group
12.19.1
Exporting a Group
12.19.2
Importing a Group
12.20
Deleting Groups
12.21
Updating a Group Directly
12.22
Use Cases
12.22.1
Use Case: Migration of Groups
12.22.2
Use Case: Create Alert Group and Add Members
12.22.3
Use Case: Remove User from Group
12.22.4
Use Case: Block Users from a Black-listed Country
12.22.5
Use Case: Company Wants to Block Users
12.22.5.1
Create Country Blacklist Policy (1): Create Fraudulent Country Policy and Rule
12.22.5.2
Create Country Blacklist Policy (2): Create Country Group
12.22.5.3
Create Country Blacklist Policy (3): Create Fraud High Alert Group
12.22.5.4
Create Country Blacklist Security Policy (4 of 5): Create Block Action Group
12.22.5.5
Create Country Blacklist Security Policy (5 of 5): Attach Groups to Fraudulent Country Rule
12.22.6
Use Case: Block Users from Certain Countries
12.22.7
Use Case: Allow Only Users from Certain IP Addresses
12.22.8
Use Case: Check Users from Certain Devices
12.22.9
Use Case: Monitor Certain Users
12.23
Best Practices
13
Managing the Policy Set
13.1
Introduction and Concepts
13.1.1
Policy Set
13.1.2
Action and Score Overrides
13.1.3
Before You Begin
13.2
Navigating to the Policy Set Details Page
13.3
Viewing Policy Set Details
13.4
Adding or Editing a Score Override
13.5
Adding or Editing an Action Override
13.6
Editing a Policy Set
13.7
Use Cases
13.7.1
Use Case: Policy Set - Overrides
13.7.2
Policy Set - Overrides (Order of Evaluation)
13.8
Best Practices for the Policy Set
14
Managing System Snapshots
14.1
Concepts
14.1.1
Snapshots
14.1.2
Snapshot Storage
14.1.3
Snapshot Metadata
14.1.4
Backup
14.1.5
Restore
14.1.6
How Restore Works
14.2
Navigating to the System Snapshot Search Page
14.3
Searching for a Snapshot
14.4
Importing a Snapshot
14.5
Viewing Details of a Snapshot
14.6
Creating a Backup
14.6.1
Backing Up the Current System to the System Database
14.6.2
Backing Up the System Configuration in Database and File
14.6.3
Backing Up the Current System to a File
14.7
Restoring a Snapshot
14.7.1
Steps to Restore Selected Snapshot
14.7.2
Loading and Restoring a Snapshot
14.7.3
Snapshot Restore Considerations
14.7.3.1
Snapshot in Live System (Single Server)
14.7.3.2
Snapshot Restore in Multi-Server System (Connected to the Same Database)
14.7.3.3
Snapshot Restore in Multi-Server Running Different Versions
14.8
Deleting a Snapshot
14.9
Limitations of Snapshots
14.10
Diagnostics
14.11
Use Cases
14.11.1
System Snapshot Import/Export
14.11.2
Use Case: User Exports Policy Set as a Record for Research
14.11.3
Use Case: User Replaces Entire System
14.11.4
Use Case: User Identifies Policy Set to Import
14.12
Best Practices for Snapshots
Part V Autolearning
15
Managing Autolearning
15.1
Introduction and Concepts
15.1.1
Autolearning
15.1.2
Patterns
15.1.3
Member Types and Attributes
15.1.4
Buckets
15.1.5
Pattern Rules Evaluations
15.1.6
Bucket Population
15.2
Quick Start for Enabling Autolearning for Your System
15.3
Before You Begin to Use Autolearning
15.3.1
Importing Base Authentication-Related Entities
15.3.2
Enabling Autolearning Properties
15.3.3
Importing Autolearning Policies into the Server
15.3.4
Using Autolearning in Native Integration
15.4
User Flows
15.4.1
Creating a New Pattern
15.4.2
Editing a Pattern
15.5
Navigating to the Patterns Search Page
15.6
Searching for a Pattern
15.7
Navigating to the Patterns Details Page
15.8
Viewing Pattern Details
15.8.1
Viewing Details of a Specific Pattern
15.9
Creating and Editing Patterns
15.9.1
Creating a Pattern
15.9.2
Adding Attributes
15.9.3
Activating and Deactivating Patterns
15.9.3.1
Activating Patterns
15.9.3.2
Deactivating Patterns
15.9.4
Editing the Pattern
15.9.5
Changing the Status of the Pattern
15.9.6
Adding or Changing Member Types
15.9.7
Changing the Evaluation Priority
15.9.8
Editing Attributes
15.9.9
Deleting Attributes
15.10
Importing and Exporting Patterns
15.10.1
Importing Patterns
15.10.2
Exporting Patterns
15.11
Deleting Patterns
15.12
Using Autolearning Data/Profiling Data
15.12.1
Create a Policy that Uses Autolearning Conditions
15.12.2
Associate Autolearning Condition with Policy
15.12.3
Check Session Details
15.13
Transaction-Based Patterns
15.14
Use Cases
15.14.1
Use Case: Challenge Users If Log In Different Time Than Normally
15.14.2
Use Case: Test a Pattern
15.14.3
Use Case: Track Off-Hour Access
15.14.4
Use Case: User Logs in During a Certain Time of Day More Than X Times
15.14.5
Use Case: Patterns Can have Multiple Member Types
15.14.6
Use Case: City Usage
15.14.7
Use Case: Autolearning Adapts to Behavior of Entities
15.14.8
Use Case: Single Bucket Pattern
15.14.9
Use Case: Using Pattern
15.14.10
Use Case: Logins from Out of State
15.14.11
Use Case: Wire Transfer Dollar Amount Pattern
15.14.12
Use Case: HR Employee Record Access Pattern per User
15.14.13
Use Case: HR Employee Record Access Pattern for All Users
15.14.14
Use Case: Shipping Address Country Pattern
15.14.15
Use Case: Shipping Address Country Pattern and Billing Mismatch
15.14.16
Use Case: Shipping Address Country IP Pattern
15.14.17
Use Case: Browser Locale Pattern
15.14.18
Use Case: Credit Card by Shipping Address Country Pattern
15.14.19
Use Case: Credit Card by Dollar Amount Range and Time Pattern
15.15
Autolearning Properties
15.16
Checking if Autolearning Pattern Analysis Functioning
15.17
Checking if Autolearning Rules are Functioning
15.18
Autolearning Classes and Logging
15.19
Pattern Attributes Reference
15.20
Pattern Attributes Operators Reference
15.20.1
For Each
15.20.2
Equals
15.20.3
Less Than
15.20.4
Greater Than
15.20.5
Less Than Equal To
15.20.6
Greater Than Equal To
15.20.7
Not Equal
15.20.8
In
15.20.9
Not In
15.20.10
Like
15.20.11
Not Like
15.20.12
Range
15.20.12.1
Fixed Range
15.20.12.2
Fixed Range with Steps (or Increment)
15.20.12.3
Upper Unbound Ranges with Steps
16
Managing Configurable Actions
16.1
Introduction and Concepts
16.1.1
Configurable Actions
16.1.2
Action Templates
16.1.3
Deploying a Configurable Action
16.2
Creating Configurable Actions
16.2.1
Define New Action Template
16.2.2
Use Existing Action Template
16.2.3
Create Action Instance
16.3
Navigating to the Action Templates Search Page
16.4
Searching for Action Templates
16.5
Viewing Action Template Details
16.6
Creating a New Action Template
16.7
Navigating to the Action Instances Search Page
16.8
Searching for Action Instances
16.9
Creating an Action Instance and Adding it to a Checkpoint
16.10
Creating a Custom Action Instance
16.11
Editing an Action Template
16.12
Exporting Action Templates
16.13
Importing Action Templates
16.14
Moving an Action Template from a Test Environment
16.15
Deleting Action Templates
16.16
Viewing a List of Configurable Action Instances
16.17
Viewing the Details of an Action Instance
16.18
Editing an Action Instance
16.19
Deleting an Existing Action Instance
16.20
Out-of-the-Box Configurable Actions
16.20.1
Defining CaseCreationAction
16.20.2
Defining AddItemtoListAction
16.20.3
Add to Group
16.21
Use Cases
16.21.1
Use Case: Add Device to Black List
16.21.2
Use Case: Add Device to Watch-list Action
16.21.3
Use Case: Custom Configuration Action
16.21.4
Use Case: Create Case
17
Predictive Analysis
17.1
Important Terms
17.1.1
Predictive Analysis
17.1.2
Data Mining
17.1.3
ODM
17.1.4
Predictive Models
17.2
Prerequisites
17.3
Initial Setup
17.4
Rebuild the ODM Models to Provide Feedback and Update Training Data
17.5
Policy Evaluation
17.6
Tuning the Predictive Analysis Rule Conditions
17.7
Adding Custom Database Views
17.8
Adding Custom Grants
17.9
Adding New ODM Models
17.10
Adding Custom Input Data Mappings
17.10.1
When to Use
17.10.2
Using OAAM Attributes to Build a Custom Input Data Mapping
17.10.3
Using Custom Attributes to Build a Custom Input Data Mapping
Part VI Managing Transactions
18
Modeling the Transaction in OAAM
18.1
Introduction
18.2
Use Case
18.3
Set Up the Use Case
18.4
Determine How to Model the Transaction in OAAM in Terms of OAAM Entities and Transactions
18.5
After Creating Entities and Transaction Definitions
18.6
Healthcare Domain Deployment
19
Creating and Managing Entities
19.1
Concepts
19.2
How to Create Entity Definitions
19.2.1
Entity Elements
19.2.1.1
Data Elements
19.2.1.2
Display Element
19.2.1.3
ID Scheme
19.2.1.4
Linked Entities
19.2.1.5
Entity Key
19.2.2
Overview of Creating a Simple Entity Definition
19.2.3
Overview of Creating a Complex Entity Definition
19.2.4
Creating an Entity Definition
19.2.4.1
Initial Steps
19.2.4.2
Adding and Editing Data Elements
19.2.4.3
Selecting Elements for the ID Scheme
19.2.4.4
Specifying Data for the Display Scheme
19.2.4.5
Creating Associations to Reflect Relationships between Entities
19.2.4.6
Setting Up Entity Purging During Entity Creation
19.2.4.7
Activating Entities
19.2.5
What Happens When You Create an Entity Definition
19.3
Managing Entities
19.3.1
Managing Entity Associations
19.3.2
Searching for Entity Definitions
19.3.3
Viewing Details of a Specific Entity
19.3.4
Viewing Entity Usage
19.3.5
Editing the Entity
19.3.6
Removing or Unlinking Entities
19.3.7
Changing the Relationship Name
19.3.8
Importing and Exporting Entities
19.3.8.1
Exporting Entities
19.3.8.2
Importing Entities
19.3.9
Deactivating and Deleting Entities
19.3.9.1
Deactivating Entities
19.3.9.2
Deleting Entities
19.4
Setting Up Targeted Purging for Entity Data
19.5
Best Practices
20
Managing Transactions
20.1
Transaction Handling
20.2
Overview of Creating a Transaction Definition
20.3
Pre-requisites for Performing Analysis on Transactions
20.4
Creating and Using Transaction Definitions
20.4.1
Open the Transactions Page
20.4.2
Create the Transaction Definition
20.4.3
Add an Existing Entity to the Transaction
20.4.4
Add a New Entity to the Transaction
20.4.5
Define Transaction Data for OAAM
20.4.6
Source Data for the Transaction from the Client's End
20.4.7
Map the Source Data
20.4.7.1
Mapping Transaction Data to the Source Data
20.4.7.2
Mapping Entities to the Source Data
20.4.7.3
Editing Mapping
20.4.8
Activate the Definition
20.4.9
Model a Policy
20.4.10
Configure Trigger Results
20.4.11
Integrate the Client Application
20.5
Managing Transaction Definitions
20.5.1
Searching for a Transaction Definition
20.5.2
Viewing Transaction Definitions
20.5.3
Editing a Transaction Definition
20.5.4
Deleting Transaction Definitions
20.5.5
Exporting Transaction Definitions
20.5.6
Importing Transaction Definition
20.5.7
Activating a Transaction Definition
20.5.8
Deactivating a Transaction Definition
20.6
Setting Targeted Purging for Transaction Data Per Transaction Definition
20.7
Transaction Searches
20.8
OAAM Transaction Use Cases
20.8.1
Implementing a Transaction Use Case
20.8.2
Use Case: Transaction Frequency Checks
20.8.3
Use Case: Transaction Frequency and Amount Check against Suspicious Beneficiary Accounts
20.8.4
Use Case: Transaction Check Against Blacklisted Deposit and Beneficiary Accounts
20.8.5
Use Case: Transaction Pattern
Part VII OAAM Offline Environment
21
OAAM Offline
21.1
Concepts
21.1.1
What is OAAM Offline?
21.1.2
OAAM Offline Architecture
21.1.3
Jobs
21.1.4
What is a Load Job and How Do You Set One Up
21.1.5
What is a Run Job and How Do You Set One Up?
21.1.6
Load and Run Job
21.1.7
Data Loaders
21.1.8
Run Type
21.1.9
OAAM Offline User Interface
21.1.9.1
Dashboard Differences
21.1.9.2
Job Interface for Load, Run, and Load and Run
21.1.9.3
Job Queue
21.2
Access Control
21.3
Installation and Configuration of OAAM Offline System
21.3.1
Overview
21.3.2
Install OAAM Offline
21.3.3
Create the Offline Database Schema
21.3.4
Configure Database Connectivity
21.3.5
Log In to OAAM Offline
21.3.6
Environment Set Up
21.3.6.1
Import the Snapshot
21.3.6.2
Set Up Encryption and Database Credentials for Oracle Adaptive Access Manager
21.3.6.3
Enable Autolearning
21.3.6.4
Enable Configurable Actions
21.3.6.5
Import IP Location Data
21.3.6.6
Configure How Checkpoint Data Is Handled in Load and Run Jobs
21.4
Scheduling Jobs
21.5
Testing Policies and Rules
21.5.1
New Deployment Using OAAM Offline
21.5.2
Existing Deployment Using OAAM Offline
21.6
What to Expect in OAAM Offline
21.7
Monitoring OAAM Offline
21.7.1
Using Dashboard to Monitor the Loader Process
21.7.2
Enable Rule Logging
21.7.3
Database Query Logs for Performance Monitoring
21.7.4
Oracle Adaptive Access Manager Server Logs
21.7.5
Database Tuning
21.7.6
Manageability
21.8
Loading from Non-Oracle or Non-Microsoft Server SQL Server Database
21.8.1
Specifying Offline Loader Database Platforms for Non-Oracle or Non-Microsoft Server SQL Server Databases
21.8.2
Creating a View of a Non-OAAM Database
21.8.2.1
The OAAM_LOAD_DATA_VIEW
21.8.2.2
Schema Examples
21.9
Changing the Checkpoints to Run
21.10
Migration
21.11
Use Cases
21.11.1
Use Case: Upgrading a Deployment with Multiple Scheduled Jobs
21.11.2
Use Case: Configure a Solution to Run Risk Evaluations Offline
21.11.3
Use Case: Run Login Analysis on the Same Data Multiple Times (Reset Data)
21.11.4
Use Case: Monitor Data Rollup
21.11.5
Use Case: Consolidation of the Dashboard Monitor Data
21.11.6
Use Case: Load Transactional Data and Run Risk Evaluations from Multiple Sources
21.11.7
Use Case: Using OAAM Offline (Standard Loading)
21.12
Best Practices
21.12.1
Configuring Worker/Writer Threads
21.12.2
Database Server with Good I/O Capability
21.12.3
Database Indexes
21.12.4
Setting Memory Buffer Size
21.12.5
Quality of Input Data
21.12.6
Configuring Device Data
21.12.7
Availability
21.12.8
OAAM Loader vs. File-based and Custom Loaders
21.12.9
Custom Loader Usage
Part VIII Scheduling Jobs
22
Scheduling and Processing Jobs in OAAM
22.1
Access Control
22.2
Introduction to OAAM Jobs
22.2.1
Job Interface
22.2.2
Job Queue
22.2.3
Searching for Jobs
22.3
Launching the Job Creation Wizard
22.3.1
Create Job: General
22.3.2
Create Job: Load Details (for Load and Load and Run Jobs)
22.3.3
Create Job: Run Details (for Run and Load and Run Jobs)
22.3.4
Create Job: Data Filters
22.3.5
Create Job: Schedule
22.3.5.1
Job Priority
22.3.5.2
Schedule Type
22.3.5.3
Cancel Time
22.3.6
Create Job: Summary
22.4
Creating Jobs
22.4.1
Creating Load Jobs
22.4.1.1
Selecting Load Job Type and Providing Job Details
22.4.1.2
Providing Load Details for Custom Loader
22.4.1.3
Providing Load Details for OAAM Data Loader
22.4.1.4
Specifying to Load All Data Created After a Given Date
22.4.1.5
Specifying to Load Data Created within a Date Range
22.4.1.6
Scheduling a Load Job that Runs Once
22.4.1.7
Scheduling a Load Job that Runs on a Regular Basis (Recurring)
22.4.1.8
Checking the Summary Details of Load Job
22.4.2
Creating Run Jobs
22.4.2.1
Selecting Run Job Type and Providing Job Details
22.4.2.2
Choosing Default or Custom Run as Run Type
22.4.2.3
Specifying Which Set of Records to Analyze
22.4.2.4
Scheduling Analysis to Run
22.4.2.5
Checking the Summary Details of the Run Job
22.4.3
Creating Load and Run Jobs
22.4.3.1
Selecting Load and Run Job Type and Providing Details
22.4.3.2
Selecting Loader Type for Load and Run Job
22.4.3.3
Specifying Data Filters for Load and Run Job
22.4.3.4
Scheduling a Load and Run Job that Runs Once
22.4.3.5
Scheduling a Load and Run Job that Runs on a Regular Basis (Recurring)
22.4.3.6
Checking the Summary Details of the Load and Run Job
22.4.4
Creating Monitor Data Rollup Jobs
22.4.4.1
About Monitor Data Rollup Jobs
22.4.4.2
Selecting Monitor Data Rollup Type and Providing Details
22.4.4.3
Specifying Rollup Unit and Cutoff Time
22.4.4.4
Scheduling a Monitor Data Rollup Job that Runs Once
22.4.4.5
Scheduling a Monitor Data Rollup that Runs on a Regular Basis (Recurring)
22.4.4.6
Checking the Summary Details of the Monitor Data Rollup
22.5
Managing Jobs
22.5.1
About Running Jobs
22.5.1.1
Bulk Risk Analytics Job Execution
22.5.1.2
Run Data Reset
22.5.1.3
Group Populations
22.5.1.4
Pattern Buckets and Memberships
22.5.1.5
Actions, Alerts, Scores
22.5.2
Notes About Rescheduling Jobs
22.5.3
Processing a Job Immediately
22.5.4
Pausing a Job
22.5.5
Resuming a Paused Job
22.5.6
Canceling a Job
22.5.7
Enabling Jobs
22.5.8
Disabling Jobs
22.5.9
Deleting Jobs
22.5.10
Viewing Job Details
22.5.11
Viewing Instances of a Job
22.5.12
Viewing the Job Log
22.5.13
Viewing and Sorting the Job Queue
22.5.13.1
Viewing the Job Queue
22.5.13.2
Sorting the Job Queue
22.6
Editing Jobs
22.6.1
Editing Jobs
22.6.2
Editing the Monitor Data Rollup
22.7
Migration
22.8
Use Cases
22.8.1
Use Case: Load OAAM Login Data and Run Checkpoints on a Recurring Basis
22.8.2
Use Case: Load Transaction Data and Run Checkpoints on a Recurring Basis
22.8.3
Use Case: Create a Job for Immediate Execution
22.8.4
Use Case: Create a Job for Future Execution
22.8.5
Use Case: Create a Job With Recurring Execution
22.8.6
Use Case: View the Job Queue
22.8.7
Use Case: View the Logs from a Job Execution
22.8.8
Use Case: Check If the Job Ran Successfully
22.8.9
Use Case: View the Order of Execution of Jobs
Part IX Reporting and Auditing
23
Monitoring OAAM Administrative Functions and Performance
23.1
Monitoring Performance Data and Administrative Functions Using the Oracle Adaptive Access Manager Dashboard
23.1.1
What is a Dashboard?
23.1.2
Common Terms and Definitions
23.1.3
Navigation
23.1.4
Using the Dashboard in Oracle Adaptive Access Manager
23.1.4.1
Performance
23.1.4.2
Summary
23.1.4.3
Dashboards
23.2
Monitoring Performance Using the Dynamic Monitoring System
23.2.1
Login Information (Counts Only)
23.2.2
Rules Engine Execution Information (Count and Time Taken to Execute)
23.2.3
APIs Execution Information (Count and Time Taken to Execute)
23.3
Monitoring Performance Data and Administrative Functions Using Fusion Middleware Control
23.3.1
Displaying the Fusion Middleware Control
23.3.2
Displaying Base Domain 11
g
Farm Page
23.3.3
Oracle Adaptive Access Manager Cluster Home Page
23.3.4
Oracle Adaptive Access Manager Server Home Page
23.4
Use Cases
23.4.1
Use Case: Trend Rules Performance on Dashboard
23.4.2
Use Case: View Current Activity
23.4.3
Use Case: View Aggregate Data
23.4.4
Use Cases: Additional Security Administrator and Fraud Investigator Use Cases
23.4.5
Use Cases Additional Business Analyst Use Cases
23.4.6
Use Case: Viewing OTP Performance Data
24
Reporting and Auditing
24.1
Configuring OAAM Reports
24.1.1
What is Oracle BI Publisher?
24.1.2
Setting Up Oracle BI Publisher for OAAM Reports and Fusion Middleware Audit
24.1.2.1
Acquiring and Installing Oracle BI Publisher
24.1.2.2
Copying OAAM Reports to the Reporting Database
24.1.2.3
Set Up the Data Source for OAAM Reports
24.1.3
Viewing/Running Reports
24.1.4
Setting Preferences
24.1.5
Adding Translations for the Oracle BI Publisher Catalog and Reports
24.1.6
Localizing Reports
24.1.7
Scheduling a Report
24.1.8
OAAM Reports
24.1.8.1
Common Reports
24.1.8.2
Devices Reports
24.1.8.3
KBA Reports
24.1.8.4
Location Reports
24.1.8.5
Performance Reports
24.1.8.6
Security Reports
24.1.8.7
Summary Reports
24.1.8.8
Users Reports
24.1.9
Creating Custom OAAM Reports
24.1.9.1
Creating a Data Model
24.1.9.2
Mapping User Defined Enum Numeric Type Codes to Readable Names
24.1.9.3
Adding Lists of Values
24.1.9.4
Adding Geolocation Data
24.1.9.5
Adding Sessions and Alerts
24.1.9.6
Example
24.1.9.7
Adding Layouts to the Report Definition
24.1.10
Building OAAM Transactions Reports
24.1.10.1
Getting Entities and Transactions Information
24.1.10.2
Discovering Entity Data Mapping Information
24.1.10.3
Discovering Transaction Data Mapping Information
24.1.10.4
Building Transaction Reports
24.2
Auditing OAAM Events
24.2.1
Introduction to Auditing
24.2.2
About Audit Record Storage
24.2.3
Oracle Adaptive Access Manager Events You Can Audit
24.2.3.1
Customer Care Events
24.2.3.2
KBA Questions Events
24.2.3.3
Policy Management Events
24.2.3.4
Policy Set Management Events
24.2.3.5
Group/List Management Events
24.2.3.6
Pattern Management Events
24.2.3.7
Dynamic Action Management Events
24.2.3.8
Entity Management Events
24.2.3.9
Transaction Management Events
24.2.3.10
Snapshot Management Events
24.2.3.11
OAAM Server Administration Events
24.2.3.12
User Detail Events
24.2.3.13
Import Events
24.2.4
Setting Up Auditing for Oracle Adaptive Access Manager
24.2.4.1
Create the Audit Schema using Repository Creation Utility
24.2.4.2
Configure a Data Source for the Audit Database
24.2.4.3
Enable Auditing
24.2.4.4
Set Up Oracle Business Intelligence Publisher Audit Reports
24.2.4.5
Restart the WebLogic Server
24.2.5
Generate Fusion Middleware Audit Framework Reports
24.2.6
Run the Fusion Middleware Common User Activities Reports
24.2.7
Set Up Audit Report Filters
24.2.8
Configure Scheduler in Oracle Business Intelligence Publisher
24.2.9
Design and Create Custom Reports
24.3
Use Cases
24.3.1
Use Case: BIP Reports
24.3.1.1
Description
24.3.1.2
Steps
24.3.2
Use Case: LoginSummary Report
Part X Deployment Management
25
Using the Properties Editor
25.1
Navigating to the Properties Search Page
25.2
Searching for a Property
25.3
Viewing the Value of a Property
25.4
Viewing Enumerations
25.5
Creating a New Database Type Property
25.6
Editing the Values for Database and File Type Properties
25.7
Deleting Database Type Properties
25.8
Exporting Database and File Type Properties
25.9
Importing Database Type Properties
25.10
Editing Enums in the Property Editor
Part XI Command-Line Interface
26
Oracle Adaptive Access Manager Command-Line Interface Scripts
26.1
CLI Overview
26.2
Using CLI
26.2.1
Obtaining Usage Information for Import or Export
26.2.2
Command-Line Options
26.2.2.1
What is the Syntax for Commands?
26.2.2.2
CLI Parameters
26.2.2.3
Supported Modules for Import and Export
26.2.2.4
Import of Files
26.2.2.5
Export of Files
26.2.2.6
Import Options
26.2.2.7
Importing Multiple Types of Entities in One Transaction
26.2.2.8
Multiple Modules and Extra Options (Common vs. Specific)
26.2.2.9
Transaction Handling
26.2.2.10
Upload Location Database
26.2.3
Globalization
26.3
Importing IP Location Data
26.3.1
Loading the Location Data to the Oracle Adaptive Access Manager Database
26.3.1.1
Setting Up for SQL Server Database
26.3.1.2
Setting Up IP Location Loader Properties
26.3.1.3
Setting Up for Loading MaxMind IP data
26.3.1.4
Setting Up Encryption
26.3.1.5
Loading Location Data
26.3.2
System Behavior
26.3.3
Quova/Neustar File Layout
26.3.3.1
Routing Types Mapping
26.3.3.2
Connection Types Mapping
26.3.3.3
Connection Speed Mapping
26.3.4
Oracle Adaptive Access Manager Tables
26.3.4.1
Anonymizer
26.3.4.2
Tables in Location Loading
26.3.5
Verifying When the Loading was a Success
Part XII Multitenancy
27
Multitenancy Access Control for CSR and Agent Operation
27.1
Multitenancy Access Control
27.2
Mapping of Application ID (Client-Side) to Organization ID (Administration Side)
27.3
Set Up Access Control for Multitenancy
27.3.1
Set Access Control for Multitenancy
27.3.2
Providing CSR Access to Particular Organizations
27.3.2.1
Using WebLogic
27.3.2.2
Adding Users and Groups to Oracle Internet Directory
27.3.2.3
Adding Users and Groups in the LDAP Store
27.4
What to Expect
27.5
Multitenancy Access Control Use Case
27.5.1
CSR and CSR Manager Access Controls
27.5.2
Agent Access Controls
27.5.3
CSR Case API Data Access Controls
27.6
Troubleshooting/FAQ
27.6.1
I thought I had set up multitenancy access control but CSRs and Investigators still have access to all cases
27.6.2
I have set up multitenancy access control and I have verified that the property is set to true but the CSRs and Investigators are able to access to all cases
27.6.3
Are Security and System Administrators affected when I set up multitenancy access control?
27.6.4
Can CSRs and Investigators have access to multiple organizations?
27.6.5
Can I limit access of a CSR or Investigator to certain organizations even though he had access before?
27.6.6
My CSRs and Investigators have no access to cases. What is wrong?
Part XIII Troubleshooting
28
Performance Considerations and Best Practices
28.1
General Performance Tuning and Troubleshooting
28.2
Performance Monitoring and Troubleshooting Tools
28.3
Policy and Rules - Performance Consideration
28.4
Logging - Performance Considerations
28.5
Database - Performance Considerations
28.6
Memory - Performance Considerations
28.7
Network - Performance Considerations
28.8
Hardware - Performance Considerations
29
FAQ/Troubleshooting
29.1
Techniques for Solving Complex Problems
29.1.1
Simple Techniques
29.1.2
Divide and Conquer
29.1.3
Rigorous Analysis
29.1.4
Process Flow of Analysis
29.1.4.1
State the Problem
29.1.4.2
Specify the Problem
29.1.4.3
What It Never Worked
29.1.4.4
IS and IS NOT but COULD BE
29.1.4.5
Develop Possible Causes
29.1.4.6
Test Each Candidate Cause Against the Specification
29.1.4.7
Confirm the Cause
29.1.4.8
Failures
29.2
Troubleshooting Tools
29.3
Policies, Rules, and Conditions
29.4
Groups
29.5
Autolearning
29.6
Configurable Actions
29.7
Entities and Transactions
29.8
KBA
29.9
Case Management
29.10
Jobs
29.11
Dashboard
29.12
Command-Line Interface
29.13
Import/Export
29.14
Location Loader
29.15
Device Registration
29.16
Time Zones
29.17
Encryption
29.18
Localization
29.19
Using Different Encryption Algorithms and Plugging in New Encryption
29.20
Virtual Authentication Devices
29.20.1
Timeout Session Option in WebLogic
29.21
OAAM Sessions are Not Recorded When IP Address from Header is an Invalid IP Address
Part XIV Appendixes
A
Using OAAM
A.1
Investigation - Alert Centric Flow
A.2
Investigation - Session Centric Flow
A.3
Investigation - Auto-generated Agent Case Flow
A.4
Escalated Agent Case
A.5
Search Transactions: Add Filter 1
A.6
Search Transactions: Add Filter 2
A.7
Wire Transfer Dollar Amount Pattern
A.8
Shipping Address Country Pattern and Billing Mismatch
A.9
Browser Locale Pattern
A.10
Credit Card by Shipping Address Country Pattern
A.11
Linked Entities
B
Conditions Reference
B.1
Available Conditions
B.2
Descriptions
B.3
Autolearning Conditions
B.3.1
Pattern (Authentication): Entity is Member of Pattern Bucket for First Time in Certain Time Period
B.3.2
Pattern (Authentication): Entity is a Member of the Pattern Less Than Some Percent of Time
B.3.3
Pattern (Authentication): Entity is a Member of the Pattern Bucket Less Than Some Percent with All Entities in the Picture
B.3.4
Pattern (Authentication): Entity is Member of Pattern N Times
B.3.5
Pattern (Authentication): Entity is a Member of the Pattern N Times in a Given Time Period
B.3.6
Pattern (Transaction): Entity is Member of Pattern N Times
B.3.7
Pattern (Transaction): Entity is a Member of the Pattern N Times in a Given Time Period
B.3.8
Pattern (Transaction): Entity is a Member of the Pattern Bucket for the First Time in a Certain Time Period
B.3.9
Pattern (Transaction): Entity is a Member of the Pattern Less Than Some Percent of Time
B.3.10
Pattern (Transaction): Entity is a Member of the Pattern Bucket Less than Some Percent with All Entities in the Picture
B.3.11
Pattern (Transaction): Entity is Member of Pattern X% More Frequently All Entities' Average Over Last N Time Periods
B.3.12
Pattern (Transaction): Entity is Member of Pattern X% More Frequently Than Entity's Average Over Last N Time Periods
B.4
Device Conditions
B.4.1
Device: Browser Header Substring
B.4.2
Device: Check if Device is of Given Type
B.4.3
Device: Device First Time for User
B.4.4
Device: Excessive Use
B.4.5
Device: In Group
B.4.6
Device: Is Registered
B.4.7
Device: Timed Not Status
B.4.8
Device: Used Count for User
B.4.9
Device: User Count
B.4.10
Device: User Status Count
B.4.11
Device: Velocity from Last Login and Ignore IP Group
B.4.12
Device: Check if Device is Using Mobile Browser
B.5
Location Conditions
B.5.1
Location: ASN in Group
B.5.2
Location: in City Group
B.5.3
Location: In Carrier Group
B.5.4
Location: In Country Group
B.5.5
Location: IP Connection Type in Group
B.5.6
Location: IP in Range Group
B.5.7
Location: IP Line Speed Type
B.5.8
Location: IP Maximum Users
B.5.9
Location: IP Routing Type in Group
B.5.10
Location: Is IP from AOL
B.5.11
Location: In State Group
B.5.12
Location: IP Connection Type
B.5.13
Location: IP Maximum Logins
B.5.14
Location: IP Excessive Use
B.5.15
Location: Timed Not Status
B.5.16
Location: IP in Group
B.5.17
Location: Domain in Group
B.5.18
Location: IP Connection Speed in Group
B.5.19
Location: ISP in Group
B.5.20
Location: Top-Level Domain in Group
B.5.21
Location: IP Multiple Devices
B.5.22
Location: IP Routing Type
B.5.23
Location: IP Type
B.5.24
Location: User Status Count
B.6
Session Conditions
B.6.1
Session: Check Parameter Value
B.6.1.1
Session: Check Parameter Value Parameters
B.6.1.2
Example Usage
B.6.2
Session: Check Parameter Value in Group
B.6.3
Session: Check Parameter Value for Regular Expression
B.6.3.1
Session: Check Parameter Value for Regular Expression Parameters
B.6.3.2
Example Usage
B.6.4
Session: Check Two String Parameter Values
B.6.5
Session: Check String Value
B.6.5.1
Session: Check String Value Parameters
B.6.5.2
Example Usage
B.6.6
Session: Time Unit Condition
B.6.7
Session: Compare Two Parameter Values
B.6.8
Session: Check Current Session Using the Filter Conditions
B.6.9
Session: Check Risk Score Classification
B.6.10
Session: Cookie Mismatch
B.6.11
Session: Mismatch in Browser Fingerprint
B.6.12
Session: Compare with Current Date Time
B.6.13
Session: IP Changed
B.6.14
Session: Check Value in Comma Separated Values
B.7
System Conditions
B.7.1
System - Check Boolean Property
B.7.1.1
System - Check Boolean Property Parameters
B.7.1.2
Example Usage
B.7.2
System - Check Enough Pattern Data
B.7.3
System - Check If Enough Data is Available for Any Pattern
B.7.4
System - Check Integer Property
B.7.5
System - Check Request Date
B.7.6
System - Check String Property
B.8
Transactions Conditions
B.8.1
About Duration Types
B.8.2
Transaction: Check Count of Any Entity or Element of a Transaction Using Filter Conditions
B.8.3
Transaction: Check Current Transaction Using Filter Condition
B.8.4
Transaction: Check if Consecutive Transactions in Given Duration Satisfy the Filter Conditions
B.8.5
Transaction: Check Number of Times Entity Used in Transaction
B.8.6
Transaction: Check Transaction Aggregrate and Count Using Filter Conditions
B.8.7
Transaction: Check Transaction Count Using Filter Condition
B.8.8
Transaction: Compare Transaction Aggregrates (Sum/Avg/Min/Max) Across Two Different Durations
B.8.9
Transaction: Compare Transaction Counts Across Two Different Durations
B.8.10
Transaction: Compare Transaction Entity/Element Counts Across Two Different Durations
B.8.11
Transaction: Check Unique Transaction Entity Count with the Specified Count
B.9
User Conditions
B.9.1
User: Stale Session
B.9.2
User: Devices Used
B.9.3
User: Check If Devices Of Certain Type Are Used
B.9.4
User: Check Number of Registered Devices Of Given Type
B.9.5
User: Velocity from Last Success
B.9.6
User: Velocity from Last Successful Login
B.9.7
User: Velocity from Last Successful Login within Limits
B.9.8
User: Distance from Last Successful Login
B.9.9
User: Distance from Last Successful Login within Limits
B.9.10
User: Authentication Image Assigned
B.9.11
User: Authentication Mode
B.9.12
User: Status Count Timed
B.9.13
User: Challenge Timed
B.9.14
User: Challenge Channel Failure
B.9.15
User: Challenge Questions Failure
B.9.16
User: Challenge Failure - Minimum Failures
B.9.17
User: Challenge Maximum Failures
B.9.18
User: Challenge Failure Is Last Challenge Before
B.9.19
User: Check OTP Failures
B.9.20
User: Multiple Failures
B.9.21
User: In Group
B.9.22
User: Login in Group
B.9.23
User: User Group in Group
B.9.24
User: Action Count
B.9.25
User: Action Count Timed
B.9.26
User: Check Last Session Action
B.9.27
User: Account Status
B.9.28
User: Client And Status
B.9.29
User: Question Status
B.9.30
User: Image Status
B.9.31
User: Phrase Status
B.9.32
User: Preferences Configured
B.9.33
User: Check Information
B.9.34
User: Check User Data
B.9.35
User: User Agent Percentage Match
B.9.36
User: Is User Agent Match
B.9.37
User: Check Fraudulent User Request
B.9.38
User: Check Anomalous User Request
B.9.39
User: User is Member of Pattern N Times
B.9.40
User: User Country for First Time
B.9.41
User: Country First Time for User
B.9.42
User: Country First Time from Group
B.9.43
User: User State for First Time
B.9.44
User: State First Time for User
B.9.45
User: User City for First Time
B.9.46
User: City First Time for User
B.9.47
User: Login for First Time
B.9.48
User: IP Carrier for First Time
B.9.49
User: User IP for First Time
B.9.50
User: User ISP for First Time
B.9.51
User: Check First Login Time
B.9.52
User: ASN for First Time
B.9.53
User: User Carrier for First Time
B.9.54
User: Maximum Countries
B.9.55
User: Maximum States
B.9.56
User: Maximum Cities
B.9.57
User: Maximum Locations Timed
B.9.58
User: Maximum IPs Timed
B.9.59
User: Country Failure Count for User
B.9.60
User: Check Login Count
B.9.61
User: Last Login Status
B.9.62
User: Last Login within Specified Time
B.9.63
User: Check Login Time
B.9.64
User: Login Time Between Specified Times
B.9.65
User: Is Last IP Match with Current IP
B.9.66
User: Location Used Timed
B.9.67
User: Checkpoint Score
C
OAAM Properties
C.1
OAAM Properties
C.1.1
Access Manager and Oracle Adaptive Access Manager Integration
C.1.2
Policies, Rules, and Conditions Properties
C.1.3
Autolearning Properties
C.1.4
Cookie Properties
C.1.5
Entities and Transactions Properties
C.1.6
Encrypted Data Masking Properties
C.1.7
KBA Properties
C.1.8
OTP Properties
C.1.9
Investigation Properties
C.1.10
Offline Scheduler Properties
C.1.11
Virtual Authentication Devices Properties
C.1.12
Configurable Action Properties
C.1.13
Proxy Properties
C.1.14
Device Registration Properties
C.1.15
Properties Editor Properties
C.1.16
User Interface Properties
C.1.17
Time Zone Properties
C.1.18
Customer Care Properties
C.1.19
Step-up Authentication Properties
C.1.20
Mobile Properties
C.1.21
Agent Cases Properties
C.1.22
Digital Fingerprint Properties
C.1.23
Encryption
C.1.24
Database Activity
C.1.25
SOAP Configuration Properties
C.1.26
Fuzzy Logic
C.2
Enumerations
C.2.1
Adding a New Case Status
C.2.2
Adding New Alert Levels
C.2.3
Adding Canned Notes to Case Status
C.2.4
Adding New Case Severity
C.2.5
Configuring Auto Change for Case Status
C.2.6
Configuring Expiry Behavior for CSR Cases
C.2.6.1
Disable Expiry Behavior for CSR Cases
C.2.6.2
Set Expiry Behavior of CSR Cases
C.2.7
Configuring Expiry Behavior for Agent Cases
C.2.7.1
Disable Expiry Behavior for Agent Cases
C.2.7.2
Set Expiry Behavior for Agent Cases
C.2.8
Configuring Agent Case Access
D
Setting Up Archive and Purge Procedures
D.1
Overview
D.2
Setting Up the Scripts in Database
D.2.1
Non-EBR Schema
D.2.2
EBR Schema
D.3
Running the Archive and Purge Scripts
D.4
Running Partition Maintenance Scripts
D.4.1
Dropping Weekly Partitions
D.4.2
Dropping Monthly Partitions
D.5
Minimum Data Retention Policy for OLTP (Online Transaction Processing) Tables
D.6
Best Practices/Guidelines for Running Purge Scripts
D.7
Details of Data that is Archived and Purged
D.7.1
Login and Device Data
D.7.2
Rules and Policy Log Data
D.7.3
Transactions and Entities Data
D.7.4
Autolearning Data
D.7.5
Profile Data
D.7.6
Cases-Related Data
D.7.7
Monitor Data
D.8
List of Related Stored Procedures
E
Device Fingerprinting
E.1
Device Fingerprinting
E.1.1
What is Device Fingerprinting?
E.1.2
Browser Access
E.1.3
Browser Access and Custom Client
E.1.4
Native Mobile Applications
E.1.5
What is the Device Identification Process?
E.1.5.1
Data Gathering
E.1.5.2
Data Processing
E.1.5.3
Data Storage
E.1.6
When is a Device Fingerprinted?
E.1.7
How is a Device Fingerprinted?
E.1.8
Device Identification Policies
E.1.9
How are Secure Cookies Used?
E.1.10
Use Cases
E.2
Out-of-the-Box Fingerprint Type
E.3
Custom Fingerprint
E.3.1
Set Up Custom Fingerprinting
E.3.2
Custom Fingerprinting Display
E.3.2.1
Search and View Fingerprint in User Details Page
E.3.2.2
Details Pages: Fingerprint
E.3.2.3
Fingerprint Details
E.3.2.4
Sessions Details
E.3.2.5
Device Details Summary Tab
E.3.3
Custom Attribute Use Cases
E.3.3.1
Custom Attribute Available
E.3.3.2
Custom Attribute Not Available and Flash Not Installed
E.3.3.3
Custom Attribute Search
E.3.3.4
What if Digital Cookie is Cleared?
E.3.3.5
What if Secure Cookies are Deleted?
E.3.4
Device Fingerprinting Troubleshooting
F
Globalization Support
F.1
Supported Languages
F.2
Dashboard
F.3
Knowledge Based Authentication
F.3.1
Answer Logic Phonetics Algorithms
F.3.2
Keyboard Fat Fingering
F.3.3
Adding Registration Questions
G
OAAM Access Roles
G.1
Understanding Users and Roles for OAAM
G.2
CSR (OAAMCSRGroup)
G.3
CSR Managers (OAAMCSRManagerGroup)
G.4
Fraud Investigator (OAAMInvestigatorGroup)
G.5
Fraud Investigation Managers (OAAMInvestigationManagerGroup)
G.6
Security Administrator (OAAMRuleAdministratorGroup)
G.7
System Administrator (OAAMEnvAdminGroup)
G.8
Auditor
H
Pattern Processing
H.1
Pattern Data Processing
H.2
APIs for Triggering Pattern Data Processing
H.2.1
updateTransaction
H.2.2
updateAuthStatus
H.2.3
processPatternAnalysis
I
Configuring SOAP Web Services Access
I.1
Web Services Access
I.2
Requirements
I.3
Configuring SOAP Web Services Access Overview
I.4
Enabling Web Services Authentication
I.5
Creating User and Group
I.6
Configuring Web Services Authorization
I.7
Setting Up Client Side Keystore to Secure the SOAP User Password
I.8
Setting SOAP Related Properties in oaam_custom.properties
I.9
Setting Up the Base Environment in OAAM Native SOAP Integration
I.10
Disabling SOAP Service Authentication on the Server
J
Configuring Logging
J.1
Logging Configuration File
J.2
Oracle Adaptive Access Manager Loggers
J.3
Logging Levels
J.4
Handlers
J.4.1
Configuring the File Handler
J.4.2
Configuring Both Console Logging and File Logging
J.5
Redirecting oracle.oaam Logs
K
Rule and Fingerprint Logging
K.1
About Rule Logging
K.1.1
Fingerprint Rule Logging
K.1.2
Detailed Rule Logging
K.1.3
Status Columns in the VR_RULE_LOGS Table
K.2
Rule Logging Properties
K.3
Enabling Rule Logging
K.4
Enabling Rule Logging for a Specific Checkpoint
K.5
Enabling Logging of Untriggered Rules
K.6
Enabling Detailed Logging
K.7
Enabling Fingerprint Rule Logging
K.8
Other Fingerprint and Detailed Logging Properties
K.9
Archiving and Purging Rule Log Data
L
VCryptUser Table
L.1
VCryptUser
Glossary
Index
Scripting on this page enhances content navigation, but does not change the content in any way.