Adaptive Multi-Factor Authentication (MFA) Log Events
Your logs include entries for successful and failed login attempts, along with the risk assessment scores associated with adaptive multi-factor authentication (MFA). The same entries are also available in the rules context objects. Entries related to adaptive MFA have the following structure:
{
  "date": "2020-06-26T15:12:43.654Z",
  "type": "s",
  "details": {
    "riskAssessment": {
      "confidence": "high",
      "assessments": {
        "UntrustedIP": {
          "confidence": "high",
          "code": "not_found_on_deny_list"
        },
        "NewDevice": {
          "confidence": "medium",
          "code": "partial_match",
          "details": {
            "device": "unknown",
            "useragent": "known"
          }
        },
        "ImpossibleTravel": {
          "confidence": "high",
          "code": "minimal_travel_from_last_login"
        }
      }
    }
  },
  "description": "Successful login"
}
Here is an example:
{
  "date": "2020-06-24T20:24:39.412Z",
  "type": "s",
  "description": "Successful login",
  "connection": "Username-Password-Authentication",
  "connection_id": "con_16Tpc6YqlWZ4HCut",
  "client_id": "9ZteveEZ8CqSLtCNXgvhoCJQ0jt2xSxe",
  "client_name": "jwt.io",
  "ip": "10.12.13.1",
  "client_ip": null,
  "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0",
  "details": {
    "prompts": [
      {
        "name": "prompt-authenticate",
        "initiatedAt": null,
        "completedAt": 1593030278513,
        "connection": "Username-Password-Authentication",
        "connection_id": null,
        "strategy": "auth0",
        "identity": "5ee10b1ca85332004e44ce3e",
        "stats": {
          "loginsCount": 66
        },
        "elapsedTime": null
      },
      {
        "name": "login",
        "flow": "universal-login",
        "initiatedAt": 1593030268561,
        "completedAt": 1593030278558,
        "timers": {
          "rules": 336
        },
        "user_id": "auth0|5ee10b1ca85332004e44ce3e",
        "user_name": "user@josh.local.dev.auth0.com",
        "elapsedTime": 9997
      }
    ],
    "initiatedAt": 1593030268550,
    "completedAt": 1593030279374,
    "elapsedTime": 10824,
    "session_id": "dKvR03IjVSNLPaVLqVS-FBuX87z0bBoE",
    "riskAssessment": {
      "confidence": "medium",
      "assessments": {
        "UntrustedIP": {
          "confidence": "high",
          "code": "ip_not_found"
        },
        "NewDevice": {
          "confidence": "medium",
          "code": "match_useragent",
          "details": {
            "device": "unknown",
            "useragent": "known"
          }
        },
        "ImpossibleTravel": {
          "confidence": "low",
          "code": "missing_geoip"
        }
      }
    },
    "stats": {
      "loginsCount": 66
    }
  },
  "hostname": "josh.local.dev.auth0.com",
  "user_id": "auth0|5ee10b1ca85332004e44ce3e",
  "user_name": "user@josh.local.dev.auth0.com",
  "strategy": "auth0",
  "strategy_type": "database"
}
Attack protection details
In addition to the information needed to run rules, Auth0 includes adaptive multi-factor authentication (MFA) attack protection data in your tenant logs. The same data structure used in rules also appears in the tenant logs:
{
  "date": "2020-06-26T15:12:43.654Z",
  "type": "s",
  "details": {
    "anomalyDetection": {
      "confidence": "high",
      "assessments": {
        "UntrustedIP": {
          "confidence": "high",
          "reason": "ip not found",
          "code": "ip_not_found"
        },
        "NewDevice": {
          "confidence": "medium",
          "reason": "match useragent",
          "code": "match_useragent"
        },
        "ImpossibleTravel": {
          "confidence": "high",
          "reason": "minimal travel",
          "code": "minimal_travel_from_last_login"
        }
      }
    }
  },
  "description": "Successful login"
}
MFA prompt details
When adaptive multi-factor authentication (MFA) is enabled, users are prompted to enroll in multi-factor authentication on their first login attempt if their confidence score is low. An MFA prompt can appear in the login event details. For example:
{
  "_id": "5ef3bb0a72487a0047c32959",
  "date": "2020-06-24T20:43:54.159Z",
  "type": "s",
  "description": "Successful login",
  "connection": "Username-Password-Authentication",
  "connection_id": "con_16Tpc6YqlWZ4HCut",
  "client_id": "9ZteveEZ8CqSLtCNXgvhoCJQ0jt2xSxe",
  "client_name": "jwt.io",
  "ip": "10.12.13.1",
  "client_ip": null,
  "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0",
  "details": {
    "prompts": [
      {
        "name": "prompt-authenticate",
        "completedAt": 1593031413909,
        "connection": "Username-Password-Authentication",
        "strategy": "auth0",
        "identity": "5ee10b1ca85332004e44ce3e",
        "stats": {
          "loginsCount": 67
        },
        "elapsedTime": null
      },
      {
        "name": "login",
        "flow": "universal-login",
        "initiatedAt": 1593031371948,
        "completedAt": 1593031413953,
        "timers": {
          "rules": 443
        },
        "user_id": "auth0|5ee10b1ca85332004e44ce3e",
        "user_name": "user@josh.local.dev.auth0.com",
        "elapsedTime": 42005
      },
      {
        "name": "mfa",
        "flow": "universal-mfa",
        "initiatedAt": 1593031414863,
        "completedAt": 1593031433795,
        "performed_acr": [
          "http://schemas.openid.net/pape/policies/2007/06/multi-factor"
        ],
        "performed_amr": [
          "mfa"
        ],
        "provider": "guardian",
        "elapsedTime": 18932
      }
    ],
    "initiatedAt": 1593031371938,
    "completedAt": 1593031434151,
    "elapsedTime": 62213,
    "session_id": "ulYRdsS1F4wIKLpUfQDfhyXgKVJqJaEv",
    "riskAssessment": {
      "confidence": "medium",
      "assessments": {
        "UntrustedIP": {
          "confidence": "high",
          "code": "ip_not_found"
        },
        "NewDevice": {
          "confidence": "medium",
          "code": "match_useragent",
          "details": {
            "device": "unknown",
            "useragent": "known"
          }
        },
        "ImpossibleTravel": {
          "confidence": "low",
          "code": "missing_geoip"
        }
      }
    },
    "stats": {
      "loginsCount": 67
    }
  },
  "hostname": "josh.local.dev.auth0.com",
  "user_id": "auth0|5ee10b1ca85332004e44ce3e",
  "user_name": "user@josh.local.dev.auth0.com",
  "strategy": "auth0",
  "strategy_type": "database"
}
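The fields shown above are enough to triage logins from exported tenant logs. The following is an added example, not Auth0 code: it reads `riskAssessment` (or `anomalyDetection`) and the `prompts` array, lists the assessments that scored below `high`, and queues successful logins whose overall confidence was below `high` with no completed `mfa` prompt. The function names, the `needsReview` criterion and the sample events are assumptions made for illustration.

```javascript
// Added example, not Auth0 code. Field names follow the log entries on this page;
// summarizeLogin, reviewQueue and needsReview are hypothetical names.
function summarizeLogin(entry) {
  const details = entry.details || {};
  // Login entries carry riskAssessment; attack protection entries carry anomalyDetection.
  const risk = details.riskAssessment || details.anomalyDetection;
  if (entry.type !== "s" || !risk) return null; // not a scored successful login
  const weakSignals = Object.entries(risk.assessments || {})
    .filter(([, a]) => a.confidence !== "high")
    .map(([name, a]) => `${name}:${a.code}`);
  const mfaCompleted = (details.prompts || []).some(
    (p) => p.name === "mfa" && Number.isFinite(p.completedAt)
  );
  return {
    user: entry.user_id || null,
    confidence: risk.confidence,
    weakSignals,
    mfaCompleted,
    // Assumed triage rule: overall confidence below "high" with no completed MFA prompt.
    needsReview: risk.confidence !== "high" && !mfaCompleted,
  };
}

function reviewQueue(events) {
  return events.map(summarizeLogin).filter((r) => r && r.needsReview);
}

// Constructed sample events, trimmed to the fields read above.
const mediumRisk = {
  confidence: "medium",
  assessments: {
    UntrustedIP: { confidence: "high", code: "ip_not_found" },
    NewDevice: { confidence: "medium", code: "match_useragent" },
    ImpossibleTravel: { confidence: "low", code: "missing_geoip" },
  },
};
const sampleEvents = [
  { type: "s", user_id: "auth0|sample-a",
    details: { prompts: [{ name: "login", completedAt: 1593030278558 }], riskAssessment: mediumRisk } },
  { type: "s", user_id: "auth0|sample-b",
    details: { prompts: [{ name: "mfa", completedAt: 1593031433795 }], riskAssessment: mediumRisk } },
  { type: "s", user_id: "auth0|sample-c",
    details: { anomalyDetection: { confidence: "high", assessments: {} } } },
  { type: "gd_auth_succeed", user_id: "auth0|sample-b", details: {} },
];

console.log(reviewQueue(sampleEvents));
```

Only the first sample event is queued: the second completed an `mfa` prompt, the third scored `high`, and the fourth is a provider event rather than a login.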
MFA provider details
Events can appear for certain MFA providers. Here is an example that includes an OTP Auth Succeeded event.
{
  "_id": "5ef3bb0922b43d004844af00",
  "date": "2020-06-24T20:43:53.758Z",
  "type": "gd_auth_succeed",
  "description": "Guardian - Second factor authentication succeed (totp)",
  "ip": "10.12.13.1",
  "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0",
  "details": {
    "request": {
      "method": "POST",
      "path": "/api/totp/configs/josh/authenticators/totp%7Cdev_3KQv6yQ06pLoksIe/verify",
      "query": {},
      "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0",
      "body": {
        "code": "********"
      },
      "ip": "10.12.13.1",
      "auth": {
        "subject": null,
        "strategy": "jwt_api2_internal_token",
        "scopes": [
          "read:authenticators",
          "verify:authenticator"
        ]
      }
    },
    "response": {
      "body": {},
      "statusCode": null
    },
    "authenticator": {
      "id": "totp|dev_3KQv6yQ06pLoksIe",
      "type": "totp"
    },
    "device_id": "v0:45e50ea0-b65b-11ea-9dd7-27e2c7f14291"
  },
  "user_id": "auth0|5ee10b1ca85332004e44ce3e"
}