Go to main content
1/60
Contents
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
What's New in this Guide?
Updates in August 2015 Documentation Refresh for 11g Release 2 (11.1.2.3)
Updates in July 2015 Documentation Refresh for 11g Release 2 (11.1.2.3)
Updates in June 2015 Documentation Refresh for 11g Release 2 (11.1.2.3)
New Features and Enhancements for 11
g
Release 2 (11.1.2.3)
Updates in February 2014 - January 2015 Documentation Refreshes for 11
g
Release 2 (11.1.2.2)
New Features and Enhancements for 11
g
Release 2 (11.1.2.2)
New Features and Enhancements for 11
g
Release 2 (11.1.2)
New Features and Enhancements for 11
g
Release 1 (11.1.1)
Significant Changes in this Document for 11
g
Release from 10
g
to 11
g
Part I Getting Started with Oracle Adaptive Access Manager
1
Introduction to Oracle Adaptive Access Manager
1.1
Introduction to Oracle Adaptive Access Manager
1.2
Oracle Adaptive Access Manager Features
1.2.1
Autolearning
1.2.2
Configurable Risk Engine
1.2.3
Virtual Authentication Devices
1.2.4
Device Fingerprinting
1.2.5
Knowledge-Based Authentication
1.2.6
Answer Logic
1.2.7
OTP Anywhere
1.2.8
Mobile Access Security
1.2.9
Universal Risk Snapshot
1.2.10
Fraud Investigation Tools
1.2.11
Policy Management
1.2.12
Dashboard
1.2.13
Reports
1.3
Oracle Adaptive Access Manager Component Architecture
1.4
OAAM Components
1.4.1
OAAM Admin
1.4.2
OAAM Server
1.5
Deployment Options
1.6
Oracle Adaptive Access Manager 11
g
Release 2 (11.1.2) Features
1.7
Oracle Adaptive Access Manager Releases Features Comparison
1.8
Oracle Adaptive Access Manager Releases Integration Options Comparison
1.9
System Requirements and Certification
2
Setting Up the OAAM Environment
2.1
About Setting Up the Base Environment
2.2
Prerequisites for Setting Up the OAAM Base Environment
2.3
Setting Up the CLI Environment
2.3.1
Setting Up the CLI Work Folder
2.3.2
Specifying Properties for CLI Script Startup (Optional)
2.3.3
Setting Up the Credential Store Framework (CSF) Configuration
2.3.3.1
Configuring OAAM Database Details with CSF without MBeans
2.3.3.2
Configuring OAAM Database Details with CSF with MBeans
2.3.4
Setting Up Oracle Adaptive Access Manager Database Credentials
2.3.5
Using Persistence Instead of Setting Database Credentials in the Credential Store Framework
2.4
Setting Up Encryption and Database Credentials
2.4.1
Prerequisites for Setting Up Encryption and Database Credentials
2.4.2
Setting Up the Encoded Secret Key for Encrypting Configuration Values
2.4.3
Setting Up Encoded Secret Key for Encrypting Database Values
2.4.4
Generating an Encoded Secret Key
2.4.5
Adding the Encoded Symmetric Key to the Credential Store Framework
2.4.6
Setting Up Oracle Adaptive Access Manager Database Credentials in the Credential Store Framework
2.4.7
Backing Up Database Credentials and Encoded Secret Keys for Encrypting the Database and Configuration Values
2.4.8
Changing the Encryption Algorithm
2.5
Creating OAAM Users
2.5.1
Creating OAAM Administrative Roles and User in an External LDAP Store
2.5.2
Creating OAAM Users in an Embedded LDAP Store
2.6
Importing the OAAM Snapshot
2.7
Importing IP Location Data
2.8
Setting the Time Zone Used for All Time Stamps in the OAAM Administration Console
2.9
Setting a Limit to the Number of Result Rows in the OAAM Administration Console (Optional)
2.10
Enabling One-Time Password
2.11
Securing OAAM Web Service Access
3
Getting Started with Common Administration and Navigation
3.1
Starting and Stopping Components in Your Deployment
3.2
About Access Level to the OAAM Admin Console
3.3
Signing In to Oracle Adaptive Access Manager 11
g
3.4
Using the OAAM Administration Console and Controls
3.4.1
About the Navigation Panel
3.4.2
About the Navigation Tree
3.4.2.1
Navigation Tree Structure
3.4.2.2
Navigation Tree Menu and Toolbar
3.4.3
About the Policy Tree
3.4.4
About the Management Pages
3.4.4.1
Search Pages
3.4.4.2
Detail Pages
3.4.5
About the Dashboard
3.4.6
About Online Help
3.5
Using Search, Create, and Import
3.6
Exporting Results to a Microsoft Excel Spreadsheet
Part II Customer Service and Forensics
4
Managing Customer Service Representative Cases
4.1
About Customer Service Representative Cases
4.1.1
About Cases
4.1.1.1
CSR Cases
4.1.1.2
Escalated Cases
4.1.2
About the Customer Service Representative (CSR)
4.1.3
About the CSR Manager
4.1.4
Understanding the Locked Status
4.1.5
About Temporary Allow
4.1.6
About Case Status
4.1.7
About Severity Level
4.1.8
About Expiration Date
4.1.9
About Customer Resets
4.2
Understanding CSR and CSR Manager Role Permissions
4.3
Getting Started with CSR Cases
4.4
Using the Cases Search Page
4.4.1
Searching for Cases
4.4.2
Viewing a List of Cases
4.4.3
Viewing a List Cases You are Currently Working On
4.4.4
Searching for Open and Closed Cases
4.4.5
Searching Case by Description Keyword
4.4.6
Viewing a List of Cases Using Description Keywords
4.5
Using the Case Details Page
4.5.1
Viewing Case Actions
4.5.2
Viewing Case Details
4.5.3
Viewing User Details
4.6
Viewing Case Activity
4.6.1
Viewing the Case History
4.6.2
Searching the Log of a Case
4.6.3
Viewing Escalated Case Logs and Notes
4.7
Viewing Customer's Sessions
4.7.1
Viewing a Customer's Session History
4.7.2
Searching for a Customer's Sessions
4.7.3
Searching for a Customer's Sessions by Device ID or Date Range
4.7.4
Filtering the Session History by Authentication Status or Alert Level
4.7.5
Viewing Transactions in the Sessions History
4.8
Creating a CSR Case
4.8.1
Creating a Case
4.8.2
Creating a Case Like Another Case
4.9
Performing Customer Resets
4.9.1
Resetting Image
4.9.2
Resetting Phrase
4.9.3
Resetting Image and Phrase
4.9.4
Unregistering Devices
4.9.5
Resetting OTP Profile
4.9.6
Resetting Virtual Authentication Device
4.9.7
Unlocking OTP
4.9.8
Resetting All Registration Data, Challenge Counters, and OTP Contact and Delivery Information
4.10
Performing Challenge Question Resets
4.10.1
Performing Challenge Questions Related Actions
4.10.2
Resetting Challenge Questions
4.10.3
Resetting Challenge Questions and the Question Set
4.10.4
Incrementing a Customer to the Next Question
4.10.5
Unlocking a Question (KBA)
4.10.6
Performing KBA Phone Challenge
4.11
Enabling a Temporary Allow
4.12
Performing Case Actions
4.12.1
Adding Notes to Cases
4.12.2
Changing Severity Level of a Case
4.12.3
Changing Status of a Case
4.12.3.1
Changing Case Status to Pending
4.12.3.2
Closing a Case
4.12.3.3
Open Closed Cases
4.12.4
Extending Expiration Date
4.12.5
Escalating a CSR Case to an Agent Case
4.12.6
Bulk-Editing CSR Cases
4.13
Configuring Expiry Behavior for CSR Cases
4.13.1
Disabling Expiry Behavior for CSR Cases
4.13.2
Setting Expiry Behavior of CSR Cases
4.14
Using Reporting
4.15
About Multitenancy
4.15.1
Enabling Multitenancy
4.15.2
Changing Permissions
4.15.3
About Access to Cases
4.15.4
Searching Sessions
4.15.5
Examples of Multitenancy in OAAM
4.15.5.1
CSR Creates a Case
4.15.5.2
CSR Cannot Create Case Successfully for Organization and Login Combination
4.15.5.3
CSR Can Create Case Successfully for Organization and Login Combination
4.15.5.4
CSR Has Access to More Than One Organization ID Cannot Create Case
4.15.5.5
CSR Has Access to More Than One Organization ID Can Create Case Successfully
4.15.5.6
CSR Who Cannot Access Any Organization Tries to Create Case
4.15.5.7
CSR Acts On Case
4.15.5.8
CSR Views Case Details
4.15.5.9
CSR Searches Sessions
4.15.5.10
Agent Creates a Case
4.15.5.11
CSR Searches Cases
4.16
CSR Case Scenarios
4.16.1
Customer Session Search and Case Creation Scenario
4.16.2
Resetting Challenge Questions Scenario
4.16.3
Resetting Image and Phrase Scenario
4.16.4
Bulk Editing CSR Case Scenario
4.16.5
CSR Manager Bulk Case Editing Scenario
4.16.6
Ask Questions Flow Scenario
4.17
Best Practices and Recommendations for CSR Cases
5
Using Agent Cases for Fraud Investigation
5.1
About Fraud Investigation
5.1.1
About Fraud Investigation
5.1.2
About Fraud Investigation Roles
5.1.3
About Multitenant Access Control
5.1.4
About Agent Cases
5.1.5
Understanding Agent Cases Creation
5.1.5.1
Manually Created Case
5.1.5.2
Auto-Generated Case
5.1.5.3
Escalated Cases
5.1.6
Understanding Investigation Workflow
5.1.7
Understanding Case Ownership
5.1.8
About Using Agent Cases for Investigation
5.1.9
About Closing a Case
5.1.10
About Agent Case Feedback
5.2
Understanding OAAM Investigation and Analysis Using the Investigation Console
5.2.1
About the Agent Case Search Page
5.2.2
About Sessions and Transactions Search Pages
5.2.2.1
Sessions Search
5.2.2.2
Transaction Search
5.2.3
About the Utility Panel
5.2.4
About the Case Notes Panel
5.2.5
About the Compare Transactions Tab
5.2.6
About Adding and Removing Fields
5.2.7
About Adding to a Group Option
5.2.7.1
Adding Data to Group Scenario
5.2.8
About Linking Sessions to an Agent Case
5.2.9
About Agent Case Tabs
5.3
Using the Investigation Console
5.3.1
Searching for High Alerts in Sessions and Transactions
5.3.2
Searching for Suspect Transactions to Review
5.3.3
Viewing Transaction and Entity Data
5.3.4
Identifying Related Sessions and Transaction
5.3.5
Viewing Transactions from the Filtered Transaction Page
5.3.6
Comparing Parameters of Transactions and Customer Details
5.3.6.1
Comparing Transaction Data Scenario
5.3.7
Adding the Data Element Used in the Fraudulent Transactions to a Group
5.3.7.1
Searching for an Existing Group to Which to Add an Entity
5.3.7.2
Creating New Group to Add Data Element to
5.3.8
Selecting a Transaction to Link Sessions to a Case
5.3.9
Closing a Case with a Disposition
5.3.10
Searching for Auto-Generated Agent Cases with Current Status "New" and Open Case
5.3.11
Viewing Linked Sessions
5.3.12
Viewing Relevant Transaction's Details Such As Transactional and Summary Data
5.3.12.1
View Summary Information
5.3.12.2
Viewing Transaction Data
5.3.12.3
Viewing Session Data
5.3.13
Viewing Transaction or Session Oriented Results
5.3.14
Comparing Multiple Instances of the Same Transactions
5.3.14.1
Comparing Transaction Data Scenario
5.3.15
Adding Case Notes
5.3.16
Closing a Case with a Disposition
5.3.17
Opening a Newly Escalated Case
5.3.18
Viewing Case Logs
5.3.19
Viewing User Data
5.3.20
Viewing Case Details
5.3.21
Searching for Potentially Suspicious Sessions Based on Various Criteria
5.3.22
Viewing a List of Sessions Matching Specified Criteria
5.3.23
Viewing Forensic Record and Details of a Session
5.3.23.1
Session Summary
5.3.23.2
Checkpoints
5.3.23.3
Session Transactions
5.3.23.4
Session User
5.3.23.5
Session Device
5.3.23.6
Session Location
5.3.23.7
Query By Example
5.3.24
Searching for Transactions
5.3.25
Searching for Transactions by Entities of a Single Transaction Type
5.3.25.1
Searching by Entity Fields Scenario
5.3.25.2
Searching for ATM Transactions By ATM Card Scenario
5.3.25.3
Listing All Account Numbers and Amount Transferred Each Time Scenario
5.3.26
Searching Transactions by a Combination of Entities and Transaction Data
5.3.26.1
Searching by Entity and Transaction Data Scenario
5.3.27
Searching Transactions by Entities Across Multiple Transaction Types
5.3.27.1
Searching Credit Card in Different Transactions (Shopping Cart and Retail Ecommerce) Scenario
5.3.28
Opening Details Pages from Sessions Search Page
5.3.29
Viewing a Particular Alert for a Session
5.3.30
Viewing Transaction Search Results
5.3.30.1
Viewing Transaction Details Scenario
5.3.31
Linking Sessions to a New Case
5.3.32
Linking Sessions to a Case from Case Details
5.3.33
Verifying Entities in a Group
5.3.34
Exporting Linked Session for Further Analysis
5.3.35
Unlinking Linked Sessions
5.3.36
Saving Case Details for Later Reference, Portability and Offline Investigation
5.3.37
Using OAAM BI Publisher Reports for Investigation and Forensics
5.3.37.1
Session Activity Aggregates
5.3.37.2
Searching Sessions By Case Disposition
5.4
Managing Cases
5.4.1
Searching for Agent Cases
5.4.2
Creating Agent Cases
5.4.2.1
Creating an Agent Case Manually
5.4.2.2
Creating a Case Like Another Agent Case
5.4.2.3
Search and Select and Create a New Case Feature
5.4.2.4
Setting Up OAAM to Create an Agent Case Automatically
5.4.3
Closing Multiple Cases
5.4.4
Changing Severity Level of a Case
5.4.5
Changing Status of a Case
5.4.5.1
Changing the Status of a Case Manually
5.4.6
Bulk-Editing Agent Cases
5.4.7
Configuring Agent Case Access
5.4.8
Adding a New Case Status
5.4.9
Adding New Case Severity
5.4.10
Adding New Alert Levels
5.4.11
Adding Canned Notes to Case Status
5.4.12
Configuring Auto Change for Case Status
5.4.13
Configuring Expiry Behavior for Agent Cases
5.4.13.1
Disable Expiry Behavior for Agent Cases
5.4.13.2
Set Expiry Behavior for Agent Cases
5.5
Best Practices and Recommendations for Agent Cases
6
Viewing Additional Details for Investigation
6.1
Details Pages Overview
6.2
About Details Page Structure
6.3
Prerequisites for Viewing Details Pages
6.3.1
Multitenant Access
6.3.2
Viewing Transactions in Session Details
6.4
Searching for Sessions
6.5
Exporting Sessions to a Microsoft Excel Spreadsheet
6.6
Adding to Group
6.6.1
Adding to Group From Sessions
6.6.2
Adding to Group from Details Pages
6.7
Using the Session Details Page
6.8
Looking at Events from a Higher Level with Session Details
6.8.1
Using the Policy Explorer
6.8.2
Using Session Details to View Runtime Information
6.9
About Investigation and the Importance of Details Pages
6.10
Viewing Alerts
6.11
Using the User Details Page
6.11.1
User Details: Summary Tab
6.11.2
User Details: Groups Tab
6.11.3
User Details: Devices Tab
6.11.4
User Details: Locations Tab
6.11.5
User Details: Sessions Tab
6.11.6
User Details: Alerts Tab
6.11.7
User Details: Fingerprint Data
6.11.8
User Details: Policies Tab
6.11.9
User Details Tasks
6.11.9.1
View general user information, registration information, and profile information
6.11.9.2
View the actions performed by the user during registration
6.11.9.3
View statistics about the user
6.11.9.4
Search and view different devices used for a user to obtain additional information
6.11.9.5
Search and view the different user groups with which a user is associated
6.11.9.6
Search and view different locations used for a user to obtain additional information
6.11.9.7
Search and view all the alerts triggered and generated for the user
6.11.9.8
Search and view all the login sessions or search login sessions for a particular period for the user
6.11.9.9
View the rules run on the user
6.11.9.10
Search and view the fingerprints created for the user
6.11.9.11
Add user to user group
6.11.9.12
Create a new user group and add user to the newly created group
6.11.9.13
Remove user from user group
6.11.9.14
Navigate to other details pages for groups, alerts, devices, locations, sessions, policy, rules and fingerprints
6.12
Using the IP or Locations (Country, State, or City) Details Page
6.12.1
Location Details: Summary Tab
6.12.2
Location Details: Groups Tab
6.12.3
Location Details: Users Tab
6.12.4
Location Details: Devices Tab
6.12.5
Location Details: Sessions Tab
6.12.6
Location Details: Alerts Tab
6.12.7
Location Details: Fingerprint Tab
6.12.8
Location (Country, State, City, or IP) Details Tasks
6.12.8.1
View general information about the location
6.12.8.2
Search and view the different location groups to which a location is associated or belongs
6.12.8.3
Add location to existing location group
6.12.8.4
Create a location group and add location to it
6.12.8.5
Search and view the different users that logged in from the location obtain additional information
6.12.8.6
Search and view the different devices that logged in from the location obtain additional information
6.12.8.7
Search and view all the alerts triggered and generated for the location
6.12.8.8
Search and view all the login sessions or search login sessions for a particular period for the location
6.12.8.9
Search and view the fingerprints created for the location
6.12.8.10
Navigate to other details pages for groups, alerts, devices, users, sessions and fingerprints
6.13
Using the Device Details Page
6.13.1
Device Details: Summary Tab
6.13.2
Device Details: Groups Tab
6.13.3
Device Details: Users Tab
6.13.4
Device Details: Locations Tabs
6.13.5
Device Details: Sessions Tab
6.13.6
Device Details: Alerts Tab
6.13.7
Device Details: Fingerprint Data Tab
6.13.8
Device Details Tasks
6.13.8.1
View general information about the device
6.13.8.2
View fingerprint information created for the device
6.13.8.3
Search and view the different device groups to which a device is associated or belongs
6.13.8.4
Add/Remove Device from a Device Group
6.13.8.5
Create a device group and add device to it
6.13.8.6
Search and view the different users that used the device to log in to obtain additional information
6.13.8.7
Search and view the different locations from which the device was used for log in to obtain additional information
6.13.8.8
Search and view all the alerts triggered and generated for the device
6.13.8.9
Search and view all the login sessions or search login sessions for a particular period for the device
6.13.8.10
Search and view the fingerprints created for the device
6.13.8.11
Navigate to other details pages for groups, alerts, users, locations, sessions and fingerprints
6.14
Using the Fingerprint Details Page
6.14.1
Fingerprint Details: Summary Tab
6.14.2
Fingerprint Details: Users Tab
6.14.3
Fingerprint Details: Devices Tab
6.14.4
Fingerprint Details: Locations Tab
6.14.5
Fingerprint Details: Sessions Tab
6.14.6
Fingerprint Details: Alerts Tab
6.14.7
Fingerprint Details Tasks
6.14.7.1
View digital fingerprint details
6.14.7.2
View browser fingerprint details
6.14.7.3
Search and view the different users for which the fingerprint was used
6.14.7.4
Search and view the different devices for which the fingerprint was used
6.14.7.5
Search and view the different locations for which the fingerprint was used
6.14.7.6
Search and view all the login sessions or search login sessions for a particular period for the fingerprint
6.14.7.7
Navigate to other details pages for users, devices, sessions and locations
6.15
Using the Alert Details Page
6.15.1
Alert Details: Summary Tab
6.15.2
Alert Details: Users Tab
6.15.3
Alert Details: Devices Tab
6.15.4
Alert Details: Locations Tab
6.15.5
Alert Details: Sessions Tab
6.15.6
Alerts Details: Fingerprint Data
6.15.7
Alert Details Tasks
6.15.7.1
View general information about the alert
6.15.7.2
View alert groups with which an alert is associated
6.15.7.3
Add alert from alert groups
6.15.7.4
Create an alert group and add an alert to it
6.15.7.5
Search and view the different users for which the alert was generated
6.15.7.6
Search and view the different devices for which the alert was generated
6.15.7.7
Search and view the different locations for which the alert was generated
6.15.7.8
Search and view all the login sessions or search login sessions for a particular period for the alert
6.15.7.9
Search and view the fingerprints created
6.15.7.10
Navigate to other details pages for groups, users, devices, locations, sessions and fingerprints
6.16
Using Session Details Scenarios
6.16.1
Searching Sessions Scenario
6.16.2
Using Session Details Page Scenario
6.16.3
Checking for Fraudulent Devices and Adding Them to a Group Scenario
6.16.4
Exporting the Sessions from the Last One Week
6.16.5
Using User Details, Fingerprint Details Scenario
6.16.6
Using Device and Location Details Scenario
6.16.7
Reviewing IP Details and Adding to Group Scenario
6.16.8
Viewing the Sessions from a Range of IP Addresses
6.16.9
Checking If a User Failed to Login From a Particular Device or IP
6.16.10
Checking If Users Logging In from This IP Used Spanish Browsers
6.16.11
Adding Devices Used for Fraud from a Location To a Risky Group Scenario
6.16.12
Adding Suspicious Device to High Risk Device Group Scenario
6.16.13
Marking Devices and IP Addresses as High Risk Scenario
6.16.14
Searching for Suspicious Sessions and Adding Devices to High Risk Group Scenario
6.16.15
Searching Sessions by Alert Message Scenario
6.16.16
Searching Sessions by Geography Scenario
6.16.17
Searching by Comma Separated Values Scenario
6.16.18
Exporting Rows from Search Sessions Results to Microsoft Excel Spreadsheet Scenario
6.16.19
Exporting Columns from Search Sessions Results to Microsoft Excel Spreadsheet Scenario
Part III Configuring and Managing Knowledge-Based Authentication and One-Time Password
7
Managing Knowledge-Based Authentication
7.1
Knowledge-Based Authentication Concepts
7.1.1
About Knowledge-Based Authentication
7.1.2
About KBA User Flows
7.1.3
About KBA Registration
7.1.4
About the Challenge Response Process
7.1.5
About Challenge Response Configuration
7.1.6
About Challenge Questions
7.1.7
About the Question Set
7.1.8
About KBA Registration Logic
7.1.9
About Answer Logic
7.1.10
About Failure Counters
7.1.11
About KBA Resets
7.1.11.1
Reset Challenge Questions
7.1.11.2
Reset Challenge Questions and the Set of Questions to Choose From
7.1.11.3
Increment User to the Next Question
7.1.11.4
Unlock a User
7.1.11.5
Ask Question (KBA Phone Challenge)
7.1.12
About the Locked Status
7.2
Accessing Configurations in KBA Administration
7.3
Roadmap to Setting Up KBA
7.3.1
Importing the OAAM Snapshot
7.3.2
Setting KBA Properties
7.3.2.1
Enabling KBA
7.3.2.2
Disabling KBA
7.3.2.3
Controlling the Listing of Challenge Questions
7.3.2.4
Randomizing Challenge Questions
7.3.2.5
Moving Question Sequentially on Successful Answers
7.3.3
Configuring Policies and Rules for Registration and Challenge
7.3.4
Linking Policies to User Groups
7.3.5
Configuring Validation for Answer Registration
7.3.6
Configuring Answer Logic (Level of Exactness in Challenge Answers)
7.3.6.1
Common Response Errors
7.3.6.2
Level of Answer Logic
7.3.6.3
Configuring Answer Validation
7.3.7
Configuring Registration Logic
7.3.8
Creating New Challenge Questions
7.3.9
Creating New Categories
7.4
Managing Challenge Questions
7.4.1
Searching for a Challenge Question
7.4.2
Viewing Challenge Question Details and Statistics
7.4.3
Creating a Challenge Question Like Another Question
7.4.4
Editing a Challenge Question
7.4.5
Importing Challenge Questions
7.4.6
Exporting Challenge Questions
7.4.7
Deleting a Challenge Question
7.4.8
About Disabling Question and Category Logic
7.4.9
Disabling a Challenge Question
7.4.10
Activating Challenge Questions
7.5
Managing Validations in the System for Answer Registration
7.5.1
Using the Validations Page
7.5.2
Adding a New Validation
7.5.3
Editing an Existing Validation
7.5.4
Importing Validations
7.5.5
Exporting Validations
7.5.6
Deleting Validations
7.6
Managing Categories
7.6.1
Searching for a Category
7.6.2
Editing a Category
7.6.3
Deleting Categories
7.6.4
Activating Categories
7.6.5
Deactivating Categories
7.7
Managing Global and Local Validations in Answer Registration
7.7.1
About Global and Local Validations in Answer Registration
7.7.2
Configuring Local Validation in Answer Registration
7.7.3
Deleting Global Validations In Answer Registration
7.8
Customizing English Abbreviations and Equivalences for Answer Logic
7.9
Migrating to 11.1.2
7.10
KBA Scenarios
7.10.1
Create Challenge Question Scenario
7.10.2
Setting Up KBA Registration Logic Scenario
7.10.3
CSR Authenticating a User by KBA Phone Challenge Scenario
7.10.4
Challenge Question Edits
7.10.5
KBA Answer Logic Edits
7.11
KBA Guidelines and Recommended Requirements
7.11.1
How Often to Challenge Users
7.11.2
Phased Rollout for Registration
7.11.2.1
Phase 1 - No Registration
7.11.2.2
Phase 2 - Optional Registration
7.11.3
Designing Challenge Questions
7.11.4
Tips for Managing Challenge Questions
7.11.5
Answer Input Recommended Requirements
7.11.6
Other KBA Recommended Requirements
8
Setting Up OTP Anywhere
8.1
OTP Anywhere
8.2
One-Time Password Risk-Based Challenge Mechanism Concepts
8.2.1
About One-Time Password
8.2.2
About Out-of-Band OTP Delivery
8.2.3
How Does OTP Work?
8.2.4
About OTP Failure Counters
8.2.5
About Challenge Types
8.2.6
About KBA vs. OTP
8.3
Quick Start
8.4
Roadmap to OTP Setup
8.5
Prerequisites to Configuring OTP
8.5.1
Installing SOA Suite
8.5.2
Configuring the Oracle User Messaging Service Driver
8.5.2.1
Email Driver
8.5.2.2
SMPP Driver
8.6
Enabling Registration and Preferences
8.7
Enabling OTP Challenge
8.8
Setting Properties in OAAM for User Messaging Service (UMS) Integration
8.9
Setting Up the Registration Page
8.9.1
Enabling Opt-Out for OTP Registration and Challenge
8.9.2
Configuring Check Boxes and Fields on the Registration Pages
8.9.2.1
Configuring Terms and Conditions Check Boxes
8.9.2.2
Configuring Text Fields on Registration and Preference Pages
8.10
Configuring Policies and Rules to Use OTP Challenge
8.11
Customizing OTP Registration Text and Messaging
8.11.1
Customizing Terms and Conditions
8.11.2
Customizing Mobile Input Registration Fields
8.11.3
Customizing Registration Page Messaging
8.11.4
Customizing Challenge Messaging
8.11.5
Customizing the OTP Messaging
8.12
Other Configuration Tasks
8.12.1
Configuring OAAM Server to Connect to Multiple UMS Servers to Send OTP
8.12.1.1
Specifying a Comma-Separated List for Multiple User Messaging Service URLs
8.12.1.2
Adding User-Defined Enums for Multiple User Messaging Service URLs
8.12.2
Configuring One-Time Password Expiry Time
8.12.3
Configuring One-Time Password Generation
8.12.4
Configuring Failure Counter
8.12.5
Configuring Challenge Type Devices for OTP
8.12.6
Configuring Challenge Choice
8.12.6.1
Configuring Challenge Choice Messaging
8.12.6.2
Customizing Challenge Choice Messaging
8.12.6.3
Configuring Challenge Choice Display
8.12.6.4
Configuring Other Challenge Choice Properties
8.12.6.5
Configuring Policies for Challenge Choice
9
KBA and OTP Challenge Scenarios
9.1
Using KBA and OTP
9.2
Risk Range for KBA and OTP
9.3
KBA and OTP Scenarios
9.3.1
Always Challenge by Group
9.3.2
CSR OTP Profile Reset with High Risk Always Challenge by Group
9.3.3
Unregistered Low Risk User (Risk Score 500 or Below)
9.3.4
Registered Low Risk User (Risk Score 500 or Below)
9.3.5
Unregistered High Risk User (Risk Score Above 500)
9.3.6
Registered High Risk User (Risk Score Above 500)
9.3.7
Register High Risk Lockout
9.3.8
High Risk Exclusion
9.3.9
OTP Challenge with Multi-Bucket Patterns
Part IV Managing Policy Configuration
10
OAAM Policy Concepts and Reference
10.1
About Policies Available with OAAM
10.2
Security Administrator Role in Rule-Related Activity
10.3
Basic Concepts
10.3.1
What are Conditions?
10.3.2
What Are Rules?
10.3.3
What are Policies?
10.3.4
What are Action and Alerts?
10.3.5
What is a Policy Set?
10.3.6
What is a Score?
10.3.6.1
What is a Scoring Engine?
10.3.6.2
What is Weight?
10.3.6.3
What is Score Propagation?
10.3.6.4
How Does Risk Scoring Work?
10.3.7
What are Trigger Combinations?
10.3.7.1
How Do Trigger Combinations Work?
10.3.7.2
What are Nested Policies?
10.3.8
What is a Scoring Override?
10.3.9
What are Action and Alert Overrides?
10.3.10
What are Groups?
10.3.10.1
Using Groups
10.3.10.2
User Group Linking
10.3.10.3
Using Action and Alert Groups
10.4
About Rule Processing
10.4.1
Rules Engine
10.4.2
Order of Condition
10.4.3
Condition Evaluation
10.4.4
Checkpoints
10.4.5
Controlling the Application Flow
10.4.6
Messaging
10.4.7
Rule Processing Example: How the OAAM Device Max Velocity Rule Settings Work?
10.4.8
How "Then Trigger" Setting Works
10.4.9
Condition Evaluation Example: User: Velocity from Last Success
10.5
About OAAM Authentication, Password Management and Customer Care Flows
10.5.1
Authentication Flow
10.5.2
Forgot Password Flow
10.5.3
Reset Password (KBA-Challenge) Flow
10.5.4
Mobile Service Flows with OAAM
10.6
About OAAM Security and Autolearning Policies
10.6.1
OAAM Pre-Authentication
10.6.1.1
OAAM Pre-Authentication Policy Summary
10.6.1.2
OAAM Pre-Authentication Flow
10.6.1.3
OAAM Pre-Authentication Rules
10.6.1.4
OAAM Pre-Authentication Trigger Combinations
10.6.2
OAAM Base Device ID Policy
10.6.2.1
OAAM Base Device ID Policy Summary
10.6.2.2
OAAM Base Device ID Flow
10.6.2.3
OAAM Base Device Policy Rules
10.6.2.4
OAAM Base Device ID Policy: Trigger Combinations
10.6.3
OAAM Mobile Device ID Policy
10.6.3.1
OAAM Mobile Device ID Policy Summary
10.6.3.2
OAAM Mobile Device ID Flow
10.6.3.3
OAAM Mobile Device ID Policy Rules
10.6.3.4
OAAM Mobile Device ID Policy: Trigger Combinations
10.6.4
OAAM AuthentiPad
10.6.4.1
OAAM AuthentiPad Policy Summary
10.6.4.2
OAAM AuthentiPad Flow
10.6.4.3
OAAM AuthentiPad Rules
10.6.4.4
OAAM AuthentiPad: Trigger Combinations
10.6.5
OAAM Post-Authentication Security
10.6.5.1
OAAM Post-Authentication Security Policy Summary
10.6.5.2
OAAM Post-Authentication Security Flow
10.6.5.3
OAAM Post-Authentication Security Rules
10.6.5.4
OAAM Post-Authentication Security: Trigger Combinations
10.6.6
OAAM Mobile and Social Integration Post-Authentication Security
10.6.6.1
OAAM Mobile and Social Integration Post-Authentication Security Summary
10.6.6.2
OAAM Mobile and Social Integration Post-Authentication Security Flow
10.6.6.3
OAAM Mobile and Social Integration Post-Authentication Security Rules
10.6.6.4
OAAM Post-Authentication Security: Trigger Combinations
10.6.7
OAAM Predictive Analysis
10.6.7.1
OAAM Predictive Analysis Policy Summary
10.6.7.2
OAAM Predictive Analysis Flow
10.6.7.3
OAAM Predictive Analysis Policy Rules
10.6.7.4
OAAM Predictive Analysis Policy: Trigger Combination
10.6.8
Autolearning (Pattern-Based) Policy: OAAM Does User Have Profile
10.6.8.1
OAAM Does User Have Profile Policy Summary
10.6.8.2
OAAM Does User Have Profile Flow
10.6.8.3
OAAM Does User Have Profile Rules
10.6.8.4
OAAM Does User Have Profile: Trigger Combination
10.6.9
Autolearning (Pattern-Based) Policy: OAAM Users vs. Themselves
10.6.9.1
OAAM Users vs. Themselves Policy Summary
10.6.9.2
OAAM Users vs. Themselves Flow
10.6.9.3
OAAM Users vs. Themselves Rules
10.6.9.4
OAAM Users vs. Themselves: Trigger Combinations
10.6.10
Autolearning (Pattern-Based) Policy: OAAM Users vs. All Users
10.6.10.1
OAAM Users vs. All Users Policy Summary
10.6.10.2
OAAM Users vs. All Users Flow
10.6.10.3
OAAM Users vs. All Users Rules
10.6.10.4
OAAM Users vs. All Users: Trigger Combinations
10.6.11
OAAM Registration
10.6.11.1
OAAM Registration Policy Summary
10.6.11.2
OAAM Registration Flow
10.6.11.3
OAAM Registration Rules
10.6.11.4
OAAM Registration: Trigger Combinations
10.6.12
OAAM Challenge
10.6.12.1
OAAM Challenge Policy Summary
10.6.12.2
OAAM Challenge Flow
10.6.12.3
OAAM Challenge Rules
10.6.12.4
OAAM Challenge: Trigger Combinations
10.6.13
OAAM Customer Care Ask Question
10.6.13.1
OAAM Customer Care Ask Question Policy Summary
10.6.13.2
OAAM Customer Care Ask Question Rules
10.6.13.3
OAAM Customer Care Ask Question: Trigger Combinations
10.7
Use Cases
10.7.1
Use Case: WebZIP Browser
10.7.2
Use Case: IP Address Risky User OTP Challenge
10.7.3
Use Case: Anonymizer IP Address - From the Group
10.7.4
Use Case: Pattern Based Evaluation
11
Managing Policies, Rules, and Conditions
11.1
Familiarizing Yourself with OAAM Policies
11.2
About Discovery and Policy Development
11.2.1
Security Policy Development Process
11.2.1.1
Overview
11.2.1.2
Edit Policy: Research and Troubleshooting
11.2.1.3
New Policy: Discovery and Research
11.2.1.4
Edit Existing or Create New Policy: Requirements and Planning
11.2.1.5
Edit Existing or Create New Policy: Configuration
11.2.1.6
Edit Existing or Create New Policy: Testing
11.2.1.7
Edit Existing or Create New Policy: Deployment to Production
11.2.2
Discovery Process Overview
11.2.3
Example Scenario: Transaction Security
11.2.3.1
Problem Statement
11.2.3.2
Inputs Available
11.2.3.3
Evaluation
11.2.3.4
Outcomes
11.2.3.5
Translation
11.2.3.6
Alert
11.2.4
Example Scenario: Login Security
11.2.4.1
Problem Statement
11.2.4.2
Inputs Available
11.2.4.3
Evaluation
11.2.4.4
Outcome
11.2.4.5
Translation
11.2.4.6
Action
11.2.5
Evaluation and Deployment
11.3
Creating Policies
11.4
Linking a Policy to All Users or a User ID Group
11.5
Creating Rules
11.5.1
Starting the Rule Creation Process
11.5.2
Specifying General Rule Information
11.5.3
Configuring Preconditions
11.5.4
Adding Conditions to a Rule
11.5.5
Specifying Results for the Rule
11.5.6
Adding or Copying a Rule to a Policy
11.6
Setting Up Trigger Combinations
11.7
Using Groups in Policies, Rules, and Conditions
11.8
Managing Policies
11.8.1
Navigating to the Policies Search Page
11.8.2
Searching for a Policy
11.8.3
Viewing a Policy or a List of Policies
11.8.4
Viewing Policy Details
11.8.5
Editing a Policy's General Information
11.8.6
Activate/Disable Policies
11.8.7
Deleting Policies
11.8.8
Copying a Policy to Another Checkpoint
11.8.9
Copying a Rule to a Policy
11.8.10
Changing the Sequence of the Trigger Combination
11.8.11
Deleting a Trigger Combination
11.9
Managing Rules
11.9.1
Navigating to the Rules Search Page
11.9.2
Searching for Rules
11.9.3
Viewing More Details of a Rule
11.9.4
Editing Rules
11.9.5
Editing Rule Parameters
11.9.6
Activate/Disable Rule
11.9.7
Deleting Rules
11.9.8
Deleting Conditions from a Rule
11.10
Managing Conditions
11.10.1
Searching Conditions
11.10.2
Viewing the Condition Details of a Rule
11.10.3
Changing the Order of Conditions in a Rule
11.10.4
Deleting Conditions
11.11
Exporting and Importing
11.11.1
Exporting a Policy
11.11.2
Importing Policies
11.11.3
Importing a Policy With the Same Name as an Existing Policy
11.11.4
Importing Conditions
11.11.5
Exporting a Condition
11.12
Evaluating a Policy within a Rule
11.13
Best Practices
12
Evaluating Rules Context
12.1
Enabling Passing of HTTP Request Parameters and Headers for Rules Evaluation
12.2
Using HTTP Request Parameters and Headers for Rules Evaluation
13
Managing Groups
13.1
About Groups
13.1.1
About Group Types
13.1.2
About Group Characteristics
13.1.3
About Group Usage
13.2
Navigating to the Groups Search Page
13.3
Searching for a Group
13.4
Viewing Details about a Group
13.5
Creating a Group
13.5.1
Defining a Group
13.5.2
Adding Members to a Group
13.5.3
Adding ASN, Generic Integers, Generic Longs, Generic Strings, IP Carriers, Second-Level Domains, and Top Level Domains to a Group
13.5.4
Adding Cities, States, or Countries to a Group of Cities, States, or Countries
13.5.4.1
Adding Cities to a Group of Cities
13.5.4.2
Adding States to a Group of States
13.5.4.3
Adding Countries to a Group of Countries
13.5.5
Adding IP Range, User ID, Devices, User Names, IP Addresses, and Internet Service Providers to a Group
13.5.5.1
Selecting an Element to Add as a Member to the Group
13.5.5.2
Creating an Element (Member) to Add to the Group
13.5.6
Adding Alerts to an Alert Group
13.5.6.1
Selecting an Existing Alert to Add to the Alert Group
13.5.6.2
Creating a New Alert to Add to the Alert Group
13.5.7
Adding Authentication Status, Connection Type, Connection Speed, Routing Type, Transaction Status, and Actions to a Group
13.5.7.1
Selecting an Element to Add as a Member to the Group
13.5.7.2
Adding Actions to an Action Group
13.5.8
Adding an Entity to an Entities Group
13.6
Managing Groups
13.6.1
Editing a Member of a Group
13.6.2
Removing Members of a Group
13.6.3
Removing a User from a User Group
13.6.4
Exporting and Importing a Group
13.6.4.1
Exporting a Group
13.6.4.2
Importing a Group
13.6.5
Deleting Groups
13.6.6
Updating a Group Directly
13.7
Use Cases
13.7.1
Use Case: Migration of Groups
13.7.2
Use Case: Create Alert Group and Add Members
13.7.3
Use Case: Remove User from Group
13.7.4
Use Case: Block Users from a Black-listed Country
13.7.5
Use Case: Company Wants to Block Users
13.7.5.1
Create Country Blacklist Policy (1): Create Fraudulent Country Policy and Rule
13.7.5.2
Create Country Blacklist Policy (2): Create Country Group
13.7.5.3
Create Country Blacklist Policy (3): Create Fraud High Alert Group
13.7.5.4
Create Country Blacklist Security Policy (4 of 5): Create Block Action Group
13.7.5.5
Create Country Blacklist Security Policy (5 of 5): Attach Groups to Fraudulent Country Rule
13.7.6
Use Case: Block Users from Certain Countries
13.7.7
Use Case: Allow Only Users from Certain IP Addresses
13.7.8
Use Case: Check Users from Certain Devices
13.7.9
Use Case: Monitor Certain Users
13.8
Best Practices
14
Managing the Policy Set
14.1
Introduction and Concepts
14.1.1
Policy Set
14.1.2
Action and Score Overrides
14.1.3
Before You Begin
14.2
Navigating to the Policy Set Details Page
14.3
Viewing Policy Set Details
14.4
Adding or Editing a Score Override
14.5
Adding or Editing an Action Override
14.6
Editing a Policy Set
14.7
Use Cases
14.7.1
Use Case: Policy Set - Overrides
14.7.2
Policy Set - Overrides (Order of Evaluation)
14.8
Best Practices for the Policy Set
Part V Autolearning
15
Managing Autolearning
15.1
Autolearning Introduction and Concepts
15.1.1
Autolearning
15.1.2
Patterns
15.1.3
Member Types and Attributes
15.1.4
Buckets
15.1.5
Pattern Rules Evaluations
15.1.6
Bucket Population
15.2
Quick Start for Enabling Autolearning for Your System
15.3
Before You Use Autolearning
15.3.1
Importing Base Authentication-Related Entities
15.3.2
Enabling Autolearning Properties
15.3.3
Importing Autolearning Policies into the Server
15.3.4
Using Autolearning in Native Integration
15.4
User Flows
15.4.1
Creating a New Pattern
15.4.2
Editing a Pattern
15.5
Navigating to the Patterns Search Page
15.6
Searching for a Pattern
15.7
Navigating to the Patterns Details Page
15.8
Viewing Pattern Details
15.8.1
Viewing Details of a Specific Pattern
15.9
Creating and Editing Patterns
15.9.1
Creating a Pattern
15.9.2
Adding Attributes
15.9.3
Activating and Deactivating Patterns
15.9.3.1
Activating Patterns
15.9.3.2
Deactivating Patterns
15.9.4
Editing the Pattern
15.9.5
Changing the Status of the Pattern
15.9.6
Adding or Changing Member Types
15.9.7
Changing the Evaluation Priority
15.9.8
Editing Attributes
15.9.9
Deleting Attributes
15.10
Importing and Exporting Patterns
15.10.1
Importing Patterns
15.10.2
Exporting Patterns
15.11
Deleting Patterns
15.12
Using Autolearning Data/Profiling Data
15.12.1
Create a Policy that Uses Autolearning Conditions
15.12.2
Associate Autolearning Condition with Policy
15.12.3
Check Session Details
15.13
Using Transaction-Based Patterns
15.14
Checking if Autolearning Pattern Analysis Functioning
15.15
Checking if Autolearning Rules are Functioning
15.16
Debugging Autolearning
15.17
Optimizing the Update of Workflow Tables in Patterns
15.18
Autolearning Properties
15.19
Pattern Attributes
15.20
Pattern Attributes Operators
15.20.1
For Each
15.20.2
Equals
15.20.3
Less Than
15.20.4
Greater Than
15.20.5
Less Than Equal To
15.20.6
Greater Than Equal To
15.20.7
Not Equal
15.20.8
In
15.20.9
Not In
15.20.10
Like
15.20.11
Not Like
15.20.12
Range
15.20.12.1
Fixed Range
15.20.12.2
Fixed Range with Steps (or Increment)
15.20.12.3
Upper Unbound Ranges with Steps
15.21
Use Cases
15.21.1
Use Case: Challenge Users If Log In Different Time Than Normally
15.21.2
Use Case: Test a Pattern
15.21.3
Use Case: Track Off-Hour Access
15.21.4
Use Case: User Logs in During a Certain Time of Day More Than X Times
15.21.5
Use Case: Patterns Can have Multiple Member Types
15.21.6
Use Case: City Usage
15.21.7
Use Case: Autolearning Adapts to Behavior of Entities
15.21.8
Use Case: Single Bucket Pattern
15.21.9
Use Case: Using Pattern
15.21.10
Use Case: Logins from Out of State
15.21.11
Use Case: Wire Transfer Dollar Amount Pattern
15.21.12
Use Case: HR Employee Record Access Pattern per User
15.21.13
Use Case: HR Employee Record Access Pattern for All Users
15.21.14
Use Case: Shipping Address Country Pattern
15.21.15
Use Case: Shipping Address Country Pattern and Billing Mismatch
15.21.16
Use Case: Shipping Address Country IP Pattern
15.21.17
Use Case: Browser Locale Pattern
15.21.18
Use Case: Credit Card by Shipping Address Country Pattern
15.21.19
Use Case: Credit Card by Dollar Amount Range and Time Pattern
16
Managing Configurable Actions
16.1
Introducing Configurable Actions
16.1.1
Configurable Actions
16.1.2
Action Templates
16.1.3
Deploying a Configurable Action
16.2
Creating Configurable Actions Roadmap
16.2.1
Define New Action Template
16.2.2
Use Existing Action Template
16.2.3
Create Action Instance
16.3
Navigating to the Action Templates Search Page
16.4
Searching for Action Templates
16.5
Creating a New Action Template
16.6
Navigating to the Action Instances Search Page
16.7
Searching for Action Instances
16.8
Creating Action Instances
16.8.1
Creating an Action Instance and Adding it to a Checkpoint
16.8.2
Creating a Custom Action Instance
16.9
Managing Action Templates
16.9.1
Viewing Action Template Details
16.9.2
Editing an Action Template
16.9.3
Exporting Action Templates
16.9.4
Importing Action Templates
16.9.5
Moving an Action Template from a Test Environment
16.9.6
Deleting Action Templates
16.10
Managing Action Instances
16.10.1
Viewing a List of Configurable Action Instances
16.10.2
Viewing the Details of an Action Instance
16.10.3
Editing an Action Instance
16.10.4
Deleting an Existing Action Instance
16.11
Using Standard Configurable Actions
16.11.1
Defining CaseCreationAction
16.11.2
Defining AddItemtoListAction
16.11.3
Add to Group
16.11.4
Defining MoveItemBetweenLists Action
16.12
Use Cases
16.12.1
Use Case: Add Device to Black List
16.12.2
Add Device to Watch-list Action Example
16.12.3
Custom Configuration Action Example
16.12.4
Use Case: Create Case
17
Configuring Predictive Analysis
17.1
Introducing Predictive Analysis
17.1.1
Predictive Analysis
17.1.2
Data Mining
17.1.3
ODM
17.1.4
Predictive Models
17.2
Prerequisites for Setting Up Predictive Analysis
17.3
Performing Initial Predictive Analysis Setup
17.4
Rebuilding the ODM Models to Provide Feedback and Updating the Training Data
17.5
Evaluating the Policy
17.6
Tuning the Predictive Analysis Rule Conditions
17.7
Adding Custom Database Views
17.8
Adding Custom Grants
17.9
Adding the New ODM Models
17.10
Adding the Custom Input Data Mappings
17.10.1
When to Use
17.10.2
Using OAAM Attributes to Build a Custom Input Data Mapping
17.10.3
Using Custom Attributes to Build a Custom Input Data Mapping
Part VI Managing Transactions
18
Modeling Transactions in OAAM
18.1
Introduction
18.2
Use Case
18.3
Setting Up the Use Case
18.4
Determining How to Model the Transaction in OAAM in OAAM Entities and Transactions
18.5
After Creating Entities and Transaction Definitions
18.6
Healthcare Domain Deployment
19
Managing Entity Definitions
19.1
Entity Concepts
19.2
Creating the Entity Definitions
19.2.1
Entity Elements
19.2.1.1
Data Elements
19.2.1.2
Display Element
19.2.1.3
ID Scheme
19.2.1.4
Linked Entities
19.2.1.5
Entity Key
19.2.2
Overview of Creating a Simple Entity Definition
19.2.3
Overview of Creating a Complex Entity Definition
19.2.4
Creating an Entity Definition
19.2.4.1
Initial Steps
19.2.4.2
Adding and Editing Data Elements
19.2.4.3
Selecting Elements for the ID Scheme
19.2.4.4
Specifying Data for the Display Scheme
19.2.4.5
Creating Associations to Reflect Relationships between Entities
19.2.4.6
Setting Up Entity Purging During Entity Creation
19.2.4.7
Activating Entities
19.2.5
What Happens When You Create an Entity Definition
19.3
Managing Entities
19.3.1
Managing Entity Associations
19.3.2
Searching for Entity Definitions
19.3.3
Viewing Details of a Specific Entity
19.3.4
Viewing Entity Usage
19.3.5
Editing the Entity
19.3.6
Removing or Unlinking Entities
19.3.7
Changing the Relationship Name
19.3.8
Importing and Exporting Entities
19.3.8.1
Exporting Entities
19.3.8.2
Importing Entities
19.3.9
Deactivating and Deleting Entities
19.3.9.1
Deactivating Entities
19.3.9.2
Deleting Entities
19.4
Setting Up Targeted Purging for Entity Data
19.5
Best Practices
20
Managing Transaction Definitions
20.1
Transaction Handling
20.2
Overview of Creating a Transaction Definition
20.3
Prerequisites for Performing Analysis on Transactions
20.4
Creating and Using Transaction Definitions
20.4.1
Open the Transactions Page
20.4.2
Create the Transaction Definition
20.4.3
Add an Existing Entity to the Transaction
20.4.4
Add a New Entity to the Transaction
20.4.5
Define Transaction Data for OAAM
20.4.6
Source Data for the Transaction from the Client's End
20.4.7
Map the Source Data
20.4.7.1
Mapping Transaction Data to the Source Data
20.4.7.2
Mapping Entities to the Source Data
20.4.7.3
Editing Mapping
20.4.8
Activate the Definition
20.4.9
Model a Policy
20.4.10
Configure Trigger Results
20.4.11
Integrate the Client Application
20.5
Managing Transaction Definitions
20.5.1
Searching for a Transaction Definition
20.5.2
Viewing Transaction Definitions
20.5.3
Editing a Transaction Definition
20.5.4
Deleting Transaction Definitions
20.5.5
Exporting Transaction Definitions
20.5.6
Importing Transaction Definition
20.5.7
Importing a Transaction Definition for an Updated Transaction Definition
20.5.8
Activating a Transaction Definition
20.5.9
Deactivating a Transaction Definition
20.6
Setting Targeted Purging for Transaction Data Per Transaction Definition
20.7
Mapping Values to Show Transaction Status in Session Details
20.8
Transaction Searches
20.9
OAAM Transaction Use Cases
20.9.1
Implementing a Transaction Use Case
20.9.2
Use Case: Transaction Frequency Checks
20.9.3
Use Case: Transaction Frequency and Amount Check against Suspicious Beneficiary Accounts
20.9.4
Use Case: Transaction Check Against Blacklisted Deposit and Beneficiary Accounts
20.9.5
Use Case: Transaction Pattern
Part VII OAAM Offline Environment
21
Using OAAM Offline
21.1
Concepts
21.1.1
What is OAAM Offline?
21.1.2
OAAM Offline Architecture
21.1.3
Jobs
21.1.4
What is a Load Job and How Do You Set One Up
21.1.5
What is a Run Job and How Do You Set One Up?
21.1.6
Load and Run Job
21.1.7
Data Loaders
21.1.8
Run Type
21.1.9
OAAM Offline User Interface
21.1.9.1
Dashboard Differences
21.1.9.2
Job Interface for Load, Run, and Load and Run
21.1.9.3
Job Queue
21.2
Access Control
21.3
Installation and Configuration of OAAM Offline System
21.3.1
Overview
21.3.2
Install OAAM Offline
21.3.3
Create the Offline Database Schema
21.3.4
Configure Database Connectivity
21.3.5
Log In to OAAM Offline
21.3.6
Environment Set Up
21.3.6.1
Import the Snapshot
21.3.6.2
Set Up Encryption and Database Credentials for Oracle Adaptive Access Manager
21.3.6.3
Set tracker.transaction.condition.computeDuration.useSystemTime
21.3.6.4
Configure Latitude and Longitude Attributes to Show in Session Details
21.3.6.5
Configure How Checkpoint Data Is Handled in Load and Run Jobs
21.3.6.6
Enable Autolearning
21.3.6.7
Enable Configurable Actions
21.3.6.8
Import IP Location Data
21.4
Scheduling Jobs
21.5
Testing Policies and Rules
21.5.1
New Deployment Using OAAM Offline
21.5.2
Existing Deployment Using OAAM Offline
21.6
What to Expect in OAAM Offline
21.7
Monitoring OAAM Offline
21.7.1
Using Dashboard to Monitor the Loader Process
21.7.2
Enable Rule Logging
21.7.3
Database Query Logs for Performance Monitoring
21.7.4
Oracle Adaptive Access Manager Server Logs
21.7.5
Database Tuning
21.7.6
Manageability
21.8
Loading from Non-Oracle or Non-Microsoft Server SQL Server Database
21.8.1
Specifying Offline Loader Database Platforms for Non-Oracle or Non-Microsoft Server SQL Server Databases
21.8.2
Creating a View of a Non-OAAM Database
21.8.2.1
The OAAM_LOAD_DATA_VIEW
21.8.2.2
Schema Examples
21.9
Changing the Checkpoints to Run
21.10
Migration
21.11
Use Cases
21.11.1
Use Case: Upgrading a Deployment with Multiple Scheduled Jobs
21.11.2
Use Case: Configure a Solution to Run Risk Evaluations Offline
21.11.3
Use Case: Run Login Analysis on the Same Data Multiple Times (Reset Data)
21.11.4
Use Case: Monitor Data Rollup
21.11.5
Use Case: Consolidation of the Dashboard Monitor Data
21.11.6
Use Case: Load Transactional Data and Run Risk Evaluations from Multiple Sources
21.11.7
Use Case: Using OAAM Offline (Standard Loading)
21.12
Best Practices
21.12.1
Configuring Worker/Writer Threads
21.12.2
Database Server with Good I/O Capability
21.12.3
Database Indexes
21.12.4
Setting Memory Buffer Size
21.12.5
Quality of Input Data
21.12.6
Configuring Device Data
21.12.7
Availability
21.12.8
OAAM Loader vs. File-based and Custom Loaders
21.12.9
Custom Loader Usage
Part VIII Scheduling Jobs
22
Scheduling and Processing Jobs in OAAM
22.1
Access Control
22.2
Introduction to OAAM Jobs
22.2.1
Job Interface
22.2.2
Job Queue
22.2.3
Searching for Jobs
22.3
Launching the Job Creation Wizard
22.3.1
Create Job: General
22.3.2
Create Job: Load Details (for Load and Load and Run Jobs)
22.3.3
Create Job: Run Details (for Run and Load and Run Jobs)
22.3.4
Create Job: Data Filters
22.3.5
Create Job: Schedule
22.3.5.1
Job Priority
22.3.5.2
Schedule Type
22.3.5.3
Cancel Time
22.3.6
Create Job: Summary
22.4
Creating Jobs
22.4.1
Creating Load Jobs
22.4.1.1
Selecting Load Job Type and Providing Job Details
22.4.1.2
Providing Load Details for Custom Loader
22.4.1.3
Providing Load Details for OAAM Data Loader
22.4.1.4
Specifying to Load All Data Created After a Given Date
22.4.1.5
Specifying to Load Data Created within a Date Range
22.4.1.6
Scheduling a Load Job that Runs Once
22.4.1.7
Scheduling a Load Job that Runs on a Regular Basis (Recurring)
22.4.1.8
Checking the Summary Details of Load Job
22.4.2
Creating Run Jobs
22.4.2.1
Selecting Run Job Type and Providing Job Details
22.4.2.2
Choosing Default or Custom Run as Run Type
22.4.2.3
Specifying Which Set of Records to Analyze
22.4.2.4
Scheduling Analysis to Run
22.4.2.5
Checking the Summary Details of the Run Job
22.4.3
Creating Load and Run Jobs
22.4.3.1
Selecting Load and Run Job Type and Providing Details
22.4.3.2
Selecting Loader Type for Load and Run Job
22.4.3.3
Specifying Data Filters for Load and Run Job
22.4.3.4
Scheduling a Load and Run Job that Runs Once
22.4.3.5
Scheduling a Load and Run Job that Runs on a Regular Basis (Recurring)
22.4.3.6
Checking the Summary Details of the Load and Run Job
22.4.4
Creating Monitor Data Rollup Jobs
22.4.4.1
About Monitor Data Rollup Jobs
22.4.4.2
Selecting Monitor Data Rollup Type and Providing Details
22.4.4.3
Specifying Rollup Unit and Cutoff Time
22.4.4.4
Scheduling a Monitor Data Rollup Job that Runs Once
22.4.4.5
Scheduling a Monitor Data Rollup that Runs on a Regular Basis (Recurring)
22.4.4.6
Checking the Summary Details of the Monitor Data Rollup
22.5
Managing Jobs
22.5.1
About Running Jobs
22.5.1.1
Bulk Risk Analytics Job Execution
22.5.1.2
Run Data Reset
22.5.1.3
Running Load and Run Jobs in Date-Range Mode
22.5.1.4
Group Populations
22.5.1.5
Pattern Buckets and Memberships
22.5.1.6
Actions, Alerts, Scores
22.5.2
Notes About Rescheduling Jobs
22.5.3
Processing a Job Immediately
22.5.4
Pausing a Job
22.5.5
Resuming a Paused Job
22.5.6
Canceling a Job
22.5.7
Enabling Jobs
22.5.8
Disabling Jobs
22.5.9
Deleting Jobs
22.5.10
Viewing Job Details
22.5.11
Viewing Instances of a Job
22.5.12
Viewing the Job Log
22.5.13
Viewing and Sorting the Job Queue
22.5.13.1
Viewing the Job Queue
22.5.13.2
Sorting the Job Queue
22.6
Editing Jobs
22.6.1
Editing Jobs
22.6.2
Editing the Monitor Data Rollup
22.7
Migration
22.8
Use Cases
22.8.1
Use Case: Load OAAM Login Data and Run Checkpoints on a Recurring Basis
22.8.2
Use Case: Load Transaction Data and Run Checkpoints on a Recurring Basis
22.8.3
Use Case: Create a Job for Immediate Execution
22.8.4
Use Case: Create a Job for Future Execution
22.8.5
Use Case: Create a Job With Recurring Execution
22.8.6
Use Case: View the Job Queue
22.8.7
Use Case: View the Logs from a Job Execution
22.8.8
Use Case: Check If the Job Ran Successfully
22.8.9
Use Case: View the Order of Execution of Jobs
Part IX Reporting and Auditing
23
Monitoring OAAM Administrative Functions and Performance
23.1
Monitoring Performance Data and Administrative Functions Using the Oracle Adaptive Access Manager Dashboard
23.1.1
What is a Dashboard?
23.1.2
Common Terms and Definitions
23.1.3
Navigation
23.1.4
Using the Dashboard in Oracle Adaptive Access Manager
23.1.4.1
Performance
23.1.4.2
Summary
23.1.4.3
Dashboards
23.2
Monitoring Performance Using the Dynamic Monitoring System
23.2.1
Login Information (Counts Only)
23.2.2
Rules Engine Execution Information (Count and Time Taken to Execute)
23.2.3
APIs Execution Information (Count and Time Taken to Execute)
23.3
Monitoring Performance Data and Administrative Functions Using Fusion Middleware Control
23.3.1
Displaying the Fusion Middleware Control
23.3.2
Displaying Base Domain 11
g
Farm Page
23.3.3
Oracle Adaptive Access Manager Cluster Home Page
23.3.4
Oracle Adaptive Access Manager Server Home Page
23.4
Use Cases
23.4.1
Use Case: Trend Rules Performance on Dashboard
23.4.2
Use Case: View Current Activity
23.4.3
Use Case: View Aggregate Data
23.4.4
Use Cases: Additional Security Administrator and Fraud Investigator Use Cases
23.4.5
Use Cases Additional Business Analyst Use Cases
23.4.6
Use Case: Viewing OTP Performance Data
24
Reporting and Auditing
24.1
Configuring OAAM Reports
24.1.1
OAAM Standard Reports
24.1.1.1
Common Reports
24.1.1.2
Devices Reports
24.1.1.3
KBA Reports
24.1.1.4
OTP Reports
24.1.1.5
Location Reports
24.1.1.6
Performance Reports
24.1.1.7
Security Reports
24.1.1.8
Summary Reports
24.1.1.9
Users Reports
24.1.2
What is Oracle BI Publisher?
24.1.3
Setting Up Oracle BI Publisher for OAAM Reports
24.1.3.1
Prerequisites
24.1.3.2
Acquiring and Installing Oracle BI Publisher
24.1.3.3
Copying OAAM Reports to the Reporting Database
24.1.3.4
Setting Up the JDBC Data Source for the OAAM Reports
24.1.4
Viewing/Running OAAM Reports
24.1.5
Setting Preferences
24.1.6
Adding Translations for the Oracle BI Publisher Catalog and Reports
24.1.7
Localizing Reports
24.1.8
Scheduling a Report
24.1.9
Creating Custom OAAM Reports
24.1.9.1
Creating a Data Model
24.1.9.2
Mapping User Defined Enum Numeric Type Codes to Readable Names
24.1.9.3
Adding Lists of Values
24.1.9.4
Adding Geolocation Data
24.1.9.5
Adding Sessions and Alerts
24.1.9.6
Example
24.1.9.7
Adding Layouts to the Report Definition
24.1.10
Building OAAM Transactions Reports
24.1.10.1
Getting Entities and Transactions Information
24.1.10.2
Discovering Entity Data Mapping Information
24.1.10.3
Discovering Transaction Data Mapping Information
24.1.10.4
Building Transaction Reports
24.2
Auditing Management Events
24.2.1
Introduction to Auditing
24.2.2
Audit Record Storage
24.2.3
Audit Reports and Oracle Business Intelligence Publisher
24.2.4
Oracle Adaptive Access Manager CSR and Management Events You Can Audit
24.2.4.1
Customer Care Events
24.2.4.2
KBA Questions Events
24.2.4.3
Policy Management Events
24.2.4.4
Policy Set Management Events
24.2.4.5
Group/List Management Events
24.2.4.6
Pattern Management Events
24.2.4.7
Dynamic Action Management Events
24.2.4.8
Entity Management Events
24.2.4.9
Transaction Management Events
24.2.4.10
Snapshot Management Events
24.2.4.11
OAAM Server Administration Events
24.2.4.12
User Detail Events
24.2.4.13
Import Events
24.2.5
Setting Up Auditing for Oracle Adaptive Access Manager
24.2.5.1
Creating the Audit Schema Using Repository Creation Utility
24.2.5.2
Configuring a Data Source for the Audit Database
24.2.5.3
Setting the Audit Level Using Fusion Middleware Control
24.2.5.4
Registering JDBC Data Source for Audit Policy Store with Fusion Middleware Control
24.2.5.5
Setting Up Audit Reports
24.2.5.6
Restarting the WebLogic Server
24.2.6
Running OAAM Audit Reports
24.2.7
Running the Fusion Middleware Common User Activities Reports
24.2.8
Setting Up Audit Report Filters
24.2.9
Designing and Creating Audit Reports
24.3
Use Cases
24.3.1
Use Case: BIP Reports
24.3.1.1
Description
24.3.1.2
Steps
24.3.2
Use Case: LoginSummary Report
Part X Deployment Management
25
Managing OAAM Snapshots
25.1
OAAM Snapshot Concepts
25.1.1
OAAM Snapshots
25.1.2
OAAM Snapshot Storage
25.1.3
OAAM Snapshot Metadata
25.1.4
OAAM Configuration Backup
25.1.5
OAAM Configuration Restore
25.2
Navigating to the OAAM System Snapshot Search Page
25.3
Searching for an OAAM Snapshot
25.4
Importing an OAAM Snapshot
25.5
Importing an OAAM Snapshot Using CLI
25.6
Viewing Details of an OAAM Snapshot
25.7
Backing Up the System Configuration to a Database, Database and File, or File
25.8
Backing Up the Current System Configuration to the System Database
25.9
Backing Up the Current System Configuration to a Database and File
25.10
Backing Up the Current System Configuration to a File
25.11
Exporting an OAAM Snapshot Using CLI
25.12
Restoring an OAAM Snapshot
25.12.1
Steps to Restore Selected OAAM Snapshot
25.12.2
Loading and Restoring an OAAM Snapshot
25.12.3
Restarting the Servers
25.12.4
OAAM Snapshot Restore Considerations
25.12.4.1
OAAM Snapshot in Live System (Single Server)
25.12.4.2
OAAM Snapshot Restore in Multi-Server System (Connected to the Same Database)
25.12.4.3
OAAM Snapshot Restore in Multi-Server Running Different Versions
25.13
Deleting an OAAM Snapshot
25.14
Use Cases
25.14.1
System Snapshot Import/Export
25.14.2
Use Case: User Exports Policy Set as a Record for Research
25.14.3
Use Case: User Replaces Entire System
25.14.4
Use Case: User Identifies Policy Set to Import
25.15
Best Practices for OAAM Snapshots
26
Using the OAAM Properties Editor
26.1
Navigating to the OAAM Properties Search Page
26.2
Searching for an OAAM Property
26.3
Viewing the Value of an OAAM Property
26.4
Viewing Enumerations
26.5
Creating a New Database Type OAAM Property
26.6
Editing the Values for Database and File Type Properties
26.7
Deleting Database Type OAAM Properties
26.8
Exporting Database and File Type OAAM Properties
26.9
Importing Database Type OAAM Properties
26.10
Editing Enums in the OAAM Properties Editor
Part XI Command-Line Interface
27
Using OAAM Command-Line Interface Scripts
27.1
Using CLI
27.1.1
Obtaining Usage Information for Import or Export
27.1.2
Command-Line Options
27.1.2.1
What is the Syntax for Commands?
27.1.2.2
CLI Parameters
27.1.2.3
Supported Modules for Import and Export
27.1.2.4
Import of Files
27.1.2.5
Export of Files
27.1.2.6
Import Options
27.1.2.7
Importing Multiple Types of Entities in One Transaction
27.1.2.8
Multiple Modules and Extra Options (Common vs. Specific)
27.1.2.9
Transaction Handling
27.1.2.10
Upload Location Database
27.1.3
Globalization
27.2
Importing IP Location Data
27.2.1
Loading the Location Data to the Oracle Adaptive Access Manager Database
27.2.1.1
Setting Up for SQL Server Database
27.2.1.2
Setting Up IP Location Loader Properties
27.2.1.3
Setting Up for Loading MaxMind IP data
27.2.1.4
Setting Up Encryption
27.2.1.5
Loading Location Data
27.2.2
System Behavior
27.2.3
Quova/Neustar File Layout
27.2.3.1
Routing Types Mapping
27.2.3.2
Connection Types Mapping
27.2.3.3
Connection Speed Mapping
27.2.4
Oracle Adaptive Access Manager Tables
27.2.4.1
Anonymizer
27.2.4.2
Tables in Location Loading
27.2.5
Verifying When the Loading was a Success
27.2.6
Troubleshooting Tip on Loading IP Location Data
Part XII Multitenancy
28
Multitenancy Access Control for CSR and Agent Operation
28.1
Multitenancy Access Control
28.2
Mapping of Application ID (Client-Side) to Organization ID (Administration Side)
28.3
Set Up Access Control for Multitenancy
28.3.1
Set Access Control for Multitenancy
28.3.2
Providing CSR Access to Particular Organizations
28.3.2.1
Using WebLogic
28.3.2.2
Adding Users and Groups in the LDAP Store
28.4
Multitenant Access Control in Case Management
28.5
Multitenancy Access Control Use Case
28.5.1
CSR and CSR Manager Access Controls
28.5.2
Agent Access Controls
28.5.3
CSR Case API Data Access Controls
28.6
Troubleshooting/FAQ
28.6.1
I thought I had set up multitenancy access control but CSRs and Investigators still have access to all cases
28.6.2
I have set up multitenancy access control and I have verified that the property is set to true but the CSRs and Investigators are able to access to all cases
28.6.3
Are Security and System Administrators affected when I set up multitenancy access control?
28.6.4
Can CSRs and Investigators have access to multiple organizations?
28.6.5
Can I limit access of a CSR or Investigator to certain organizations even though he had access before?
28.6.6
My CSRs and Investigators have no access to cases. What is wrong?
Part XIII Troubleshooting
29
Performance Considerations and Best Practices
29.1
Performance Troubleshooting
29.2
Performance Monitoring and Troubleshooting Tools
29.3
Performance Best Practices
29.3.1
Policies and Rules
29.3.2
Logging
29.3.3
Database
29.3.4
Memory
29.3.5
Network
29.3.6
Hardware
30
FAQ/Troubleshooting
30.1
Techniques for Solving Complex Problems
30.1.1
Simple Techniques
30.1.2
Divide and Conquer
30.1.3
Rigorous Analysis
30.1.4
Process Flow of Analysis
30.1.4.1
State the Problem
30.1.4.2
Specify the Problem
30.1.4.3
What It Never Worked
30.1.4.4
IS and IS NOT but COULD BE
30.1.4.5
Develop Possible Causes
30.1.4.6
Test Each Candidate Cause Against the Specification
30.1.4.7
Confirm the Cause
30.1.4.8
Failures
30.2
Troubleshooting Tools
30.3
Policies, Rules, and Conditions
30.4
Groups
30.5
Autolearning
30.6
Configurable Actions
30.7
Entities and Transactions
30.8
KBA
30.9
Case Management
30.10
Jobs
30.11
Dashboard
30.12
Command-Line Interface
30.13
Import/Export
30.14
Location Loader
30.15
Device Registration
30.16
Time Zones
30.17
Encryption
30.18
Localization
30.19
Virtual Authentication Devices
30.19.1
Timeout Session Option in Oracle WebLogic
30.20
OAAM Schema
30.21
Upgrades
30.22
OAAM Sessions are Not Recorded When IP Address from Header is an Invalid IP Address
Part XIV Appendixes
A
Using OAAM
A.1
Investigation - Alert Centric Flow
A.2
Investigation - Session Centric Flow
A.3
Investigation - Auto-generated Agent Case Flow
A.4
Escalated Agent Case
A.5
Search Transactions: Add Filter 1
A.6
Search Transactions: Add Filter 2
A.7
Wire Transfer Dollar Amount Pattern
A.8
Shipping Address Country Pattern and Billing Mismatch
A.9
Browser Locale Pattern
A.10
Credit Card by Shipping Address Country Pattern
A.11
Linked Entities
B
Conditions Reference
B.1
Available Conditions
B.2
Descriptions
B.3
Autolearning Conditions
B.3.1
Pattern (Authentication): Entity is Member of Pattern Bucket for First Time in Certain Time Period
B.3.2
Pattern (Authentication): Entity is a Member of the Pattern Less Than Some Percent of Time
B.3.3
Pattern (Authentication): Entity is a Member of the Pattern Bucket Less Than Some Percent with All Entities in the Picture
B.3.4
Pattern (Authentication): Entity is Member of Pattern N Times
B.3.5
Pattern (Authentication): Entity is a Member of the Pattern N Times in a Given Time Period
B.3.6
Pattern (Transaction): Entity is Member of Pattern N Times
B.3.7
Pattern (Transaction): Entity is a Member of the Pattern N Times in a Given Time Period
B.3.8
Pattern (Transaction): Entity is a Member of the Pattern Bucket for the First Time in a Certain Time Period
B.3.9
Pattern (Transaction): Entity is a Member of the Pattern Less Than Some Percent of Time
B.3.10
Pattern (Transaction): Entity is a Member of the Pattern Bucket Less than Some Percent with All Entities in the Picture
B.3.11
Pattern (Transaction): Entity is Member of Pattern X% More Frequently All Entities' Average Over Last N Time Periods
B.3.12
Pattern (Transaction): Entity is Member of Pattern X% More Frequently Than Entity's Average Over Last N Time Periods
B.4
Device Conditions
B.4.1
Device: Browser Header Substring
B.4.2
Device: Check if Device is of Given Type
B.4.3
Device: Device First Time for User
B.4.4
Device: Excessive Use
B.4.5
Device: In Group
B.4.6
Device: Is Registered
B.4.7
Device: Timed Not Status
B.4.8
Device: Used Count for User
B.4.9
Device: User Count
B.4.10
Device: User Status Count
B.4.11
Device: Velocity from Last Login and Ignore IP Group
B.4.12
Device: Check if Device is Using Mobile Browser
B.5
Location Conditions
B.5.1
Location: ASN in Group
B.5.2
Location: in City Group
B.5.3
Location: In Carrier Group
B.5.4
Location: In Country Group
B.5.5
Location: IP Connection Type in Group
B.5.6
Location: IP in Range Group
B.5.7
Location: IP Line Speed Type
B.5.8
Location: IP Maximum Users
B.5.9
Location: IP Routing Type in Group
B.5.10
Location: Is IP from AOL
B.5.11
Location: In State Group
B.5.12
Location: IP Connection Type
B.5.13
Location: IP Maximum Logins
B.5.14
Location: IP Excessive Use
B.5.15
Location: Timed Not Status
B.5.16
Location: IP in Group
B.5.17
Location: Domain in Group
B.5.18
Location: IP Connection Speed in Group
B.5.19
Location: ISP in Group
B.5.20
Location: Top-Level Domain in Group
B.5.21
Location: IP Multiple Devices
B.5.22
Location: IP Routing Type
B.5.23
Location: IP Type
B.5.24
Location: User Status Count
B.6
Session Conditions
B.6.1
Session: Check Parameter Value
B.6.1.1
Session: Check Parameter Value Parameters
B.6.1.2
Example Usage
B.6.2
Session: Check Parameter Value in Group
B.6.3
Session: Check Parameter Value for Regular Expression
B.6.3.1
Session: Check Parameter Value for Regular Expression Parameters
B.6.3.2
Example Usage
B.6.4
Session: Check Two String Parameter Values
B.6.5
Session: Check String Value
B.6.5.1
Session: Check String Value Parameters
B.6.5.2
Example Usage
B.6.6
Session: Time Unit Condition
B.6.7
Session: Compare Two Parameter Values
B.6.8
Session: Check Current Session Using the Filter Conditions
B.6.9
Session: Check Risk Score Classification
B.6.10
Session: Cookie Mismatch
B.6.11
Session: Mismatch in Browser Fingerprint
B.6.12
Session: Compare with Current Date Time
B.6.13
Session: IP Changed
B.6.14
Session: Check Value in Comma Separated Values
B.7
System Conditions
B.7.1
System - Check Boolean Property
B.7.1.1
System - Check Boolean Property Parameters
B.7.1.2
Example Usage
B.7.2
System - Check Enough Pattern Data
B.7.3
System - Check If Enough Data is Available for Any Pattern
B.7.4
System - Check Integer Property
B.7.5
System - Check Request Date
B.7.6
System - Check String Property
B.8
Transactions Conditions
B.8.1
About Duration Types
B.8.2
Transaction: Check Count of Any Entity or Element of a Transaction Using Filter Conditions
B.8.3
Transaction: Check Current Transaction Using Filter Condition
B.8.4
Transaction: Check if Consecutive Transactions in Given Duration Satisfy the Filter Conditions
B.8.5
Transaction: Check Number of Times Entity Used in Transaction
B.8.6
Transaction: Check Transaction Aggregrate and Count Using Filter Conditions
B.8.7
Transaction: Check Transaction Count Using Filter Condition
B.8.8
Transaction: Compare Transaction Aggregrates (Sum/Avg/Min/Max) Across Two Different Durations
B.8.9
Transaction: Compare Transaction Counts Across Two Different Durations
B.8.10
Transaction: Compare Transaction Entity/Element Counts Across Two Different Durations
B.8.11
Transaction: Check Unique Transaction Entity Count with the Specified Count
B.9
User Conditions
B.9.1
User: Stale Session
B.9.2
User: Devices Used
B.9.3
User: Check If Devices Of Certain Type Are Used
B.9.4
User: Check Number of Registered Devices Of Given Type
B.9.5
User: Velocity from Last Success
B.9.6
User: Velocity from Last Successful Login
B.9.7
User: Velocity from Last Successful Login within Limits
B.9.8
User: Distance from Last Successful Login
B.9.9
User: Distance from Last Successful Login within Limits
B.9.10
User: Authentication Image Assigned
B.9.11
User: Authentication Mode
B.9.12
User: Status Count Timed
B.9.13
User: Challenge Timed
B.9.14
User: Challenge Channel Failure
B.9.15
User: Challenge Questions Failure
B.9.16
User: Challenge Failure - Minimum Failures
B.9.17
User: Challenge Maximum Failures
B.9.18
User: Challenge Failure Is Last Challenge Before
B.9.19
User: Check OTP Failures
B.9.20
User: Multiple Failures
B.9.21
User: In Group
B.9.22
User: Login in Group
B.9.23
User: User Group in Group
B.9.24
User: Action Count
B.9.25
User: Action Count Timed
B.9.26
User: Check Last Session Action
B.9.27
User: Account Status
B.9.28
User: Client And Status
B.9.29
User: Question Status
B.9.30
User: Image Status
B.9.31
User: Phrase Status
B.9.32
User: Preferences Configured
B.9.33
User: Check Information
B.9.34
User: Check User Data
B.9.35
User: User Agent Percentage Match
B.9.36
User: Is User Agent Match
B.9.37
User: Check Fraudulent User Request
B.9.38
User: Check Anomalous User Request
B.9.39
User: User is Member of Pattern N Times
B.9.40
User: User Country for First Time
B.9.41
User: Country First Time for User
B.9.42
User: Country First Time from Group
B.9.43
User: User State for First Time
B.9.44
User: State First Time for User
B.9.45
User: User City for First Time
B.9.46
User: City First Time for User
B.9.47
User: Login for First Time
B.9.48
User: IP Carrier for First Time
B.9.49
User: User IP for First Time
B.9.50
User: User ISP for First Time
B.9.51
User: Check First Login Time
B.9.52
User: ASN for First Time
B.9.53
User: User Carrier for First Time
B.9.54
User: Maximum Countries
B.9.55
User: Maximum States
B.9.56
User: Maximum Cities
B.9.57
User: Maximum Locations Timed
B.9.58
User: Maximum IPs Timed
B.9.59
User: Country Failure Count for User
B.9.60
User: Check Login Count
B.9.61
User: Last Login Status
B.9.62
User: Last Login within Specified Time
B.9.63
User: Check Login Time
B.9.64
User: Login Time Between Specified Times
B.9.65
User: Is Last IP Match with Current IP
B.9.66
User: Location Used Timed
B.9.67
User: Checkpoint Score
C
OAAM Properties
C.1
About Adding User Defined Enum Elements or Changing the Enabled Attribute of an Enum Element
C.2
Access Manager and Oracle Adaptive Access Manager Integration Properties
C.3
Oracle Identity Manager and Oracle Adaptive Access Manager Integration Properties
C.4
Agent Cases Properties
C.5
Autolearning Properties
C.6
Configurable Action Properties
C.7
Cookie Properties
C.8
Customer Care Properties
C.9
Database Activity Properties
C.10
Device Registration Properties
C.11
Digital Fingerprint Properties
C.12
Encrypted Data Masking Properties
C.13
Encryption Properties
C.14
Entities and Transactions Properties
C.15
Fuzzy Logic Properties
C.16
Groups Properties
C.17
Integration Properties
C.18
Investigation Properties
C.19
KBA Properties
C.20
Localization
C.21
Mobile Properties
C.22
Offline Scheduler Properties
C.23
OTP Properties
C.24
Performance Properties
C.25
Policies, Rules, and Conditions Properties
C.26
Properties Editor Properties
C.27
Proxy Properties
C.28
SOAP Configuration Properties
C.29
Status: Account Status Properties
C.30
Status: Authentication Status Properties
C.31
Time Zone Properties
C.32
User Interface Properties
C.33
Virtual Authentication Devices Properties
D
Setting Up Archive and Purge Procedures
D.1
Overview
D.2
Setting Up the Scripts in Database
D.2.1
Non-EBR Schema
D.2.2
EBR Schema
D.3
Running the Archive and Purge Scripts
D.4
Running Partition Maintenance Scripts
D.4.1
Dropping Weekly Partitions
D.4.2
Dropping Monthly Partitions
D.5
Minimum Data Retention Policy for OLTP (Online Transaction Processing) Tables
D.6
Best Practices/Guidelines for Running Purge Scripts
D.7
Details of Data that is Archived and Purged
D.7.1
Login and Device Data
D.7.2
Rules and Policy Log Data
D.7.3
Transactions and Entities Data
D.7.4
Autolearning Data
D.7.5
Profile Data
D.7.6
Cases-Related Data
D.7.7
Monitor Data
D.8
List of Related Stored Procedures
E
Device Fingerprinting and Identification
E.1
OAAM Device Fingerprinting
E.1.1
Fingerprinting Types
E.1.1.1
Web Browser-Based Fingerprinting
E.1.1.2
Flash Fingerprinting
E.1.1.3
JavaScript Fingerprinting
E.1.1.4
Mobile Device Fingerprinting
E.1.1.5
Custom Client Fingerprinting
E.1.2
What Makes Up a Device Fingerprint?
E.1.2.1
Secure Cookie and Browser Characteristics
E.1.2.2
Flash Shared Object and Device Characteristics
E.1.2.3
Native Mobile Application
E.1.2.4
IP Intelligence and Historical Context
E.1.3
Setting Up Standard Fingerprinting
E.1.4
Setting Up JavaScript Fingerprinting
E.1.5
Disabling Flash or Javascript Fingerprinting
E.1.6
Native Integration and Device Fingerprinting
E.1.7
Setting Up Flash Fingerprinting in a Native Integration
E.1.8
Setting Up Custom Fingerprinting
E.1.9
Modifying the Mobile Device Fingerprint in a Native Integration
E.1.10
Viewing Fingerprinting Data
E.1.10.1
Session Details
E.1.10.2
User Details: Fingerprint Data
E.1.10.3
Location Details: Fingerprints Tab
E.1.10.4
Device Details
E.1.10.5
Fingerprint Details Page
E.1.10.6
Alerts Details: Fingerprint Data
E.2
Device Identification
E.2.1
Assigning the Device ID
E.2.2
Device Identification Policies
E.2.2.1
OAAM Base Device ID Policy
E.2.2.2
OAAM Mobile Device ID Policy
E.2.2.3
OAAM Device ID Policy
E.2.3
Native Integration and Device ID
E.2.4
Extending Device Identification
E.2.4.1
Prerequisites
E.2.4.2
Developing a Custom Device Identification Extension
E.2.4.3
Overview of Interactions
E.2.4.4
Compile, Assemble and Deploy
E.2.4.5
Important Note About Implementing the Extension
E.3
Use Cases
E.4
Device Fingerprinting Troubleshooting
E.5
Device Identification and Fingerprinting Frequently Asked Questions
E.5.1
Custom Attribute Use Cases
E.5.1.1
Custom Attribute Available
E.5.1.2
Custom Attribute Not Available and Flash Not Installed
E.5.1.3
Custom Attribute Search
E.5.1.4
Flash cookie Cleared
E.5.1.5
Secure Cookies Deleted?
F
Globalization Support
F.1
Supported Languages
F.2
Dashboard
F.3
Knowledge-Based Authentication
F.3.1
Answer Logic Phonetics Algorithms
F.3.2
Keyboard Fat Fingering
F.3.3
Adding Registration Questions
G
OAAM Access Roles
G.1
Understanding Users and Roles for OAAM
G.2
CSR (OAAMCSRGroup)
G.3
CSR Managers (OAAMCSRManagerGroup)
G.4
Fraud Investigator (OAAMInvestigatorGroup)
G.5
Fraud Investigation Managers (OAAMInvestigationManagerGroup)
G.6
Security Administrator (OAAMRuleAdministratorGroup)
G.7
System Administrator (OAAMEnvAdminGroup)
G.8
OAAMSOAPServicesGroup
G.9
Auditor
H
Pattern Processing
H.1
Pattern Data Processing
H.2
APIs for Triggering Pattern Data Processing
H.2.1
updateTransaction
H.2.2
updateAuthStatus
H.2.3
processPatternAnalysis
I
Configuring Logging
I.1
Logging Configuration File
I.2
Oracle Adaptive Access Manager Loggers
I.3
Logging Levels
I.4
Handlers
I.4.1
Configuring the File Handler
I.4.2
Configuring Both Console Logging and File Logging
I.5
Redirecting oracle.oaam Logs
I.6
Setting Logging Levels
J
Configuring Rule and Fingerprint Logging
J.1
About Rule Logging
J.1.1
Fingerprint Rule Logging
J.1.2
Detailed Rule Logging
J.1.3
Status Columns in the VR_RULE_LOGS Table
J.2
Rule Logging Properties
J.3
Enabling Rule Logging
J.4
Enabling Rule Logging for a Specific Checkpoint
J.5
Enabling Logging of Untriggered Rules
J.6
Enabling Detailed Logging
J.7
Enabling Fingerprint Rule Logging
J.8
Viewing Rule Execution in Session Details
J.9
Archiving and Purging Rule Log Data
K
VCryptUser Table
K.1
VCryptUser
Glossary
Scripting on this page enhances content navigation, but does not change the content in any way.