OAAM Registration Oracle Fusion Middleware Online Documentation Library

OAAM Security and Autolearning Policies 11-25

11.5.5.1.4 OAAM Challenge: Trigger Combinations

Table 11–21 OAAM Challenge Policy Rules Details Rule Rule Condition and Parameters Results Max failed SMS attempts User: Check OTP failures OTP Challenge Type = ChallengeSMS Failure More than or Equal To = 3 If above or equal = TRUE Action = NONE Alert = NONE Score = 0 Max failed Email attempts User: Check OTP failures OTP Challenge Type = ChallengeEmail Failure More than or Equal To = 3 If above or equal = TRUE Action = NONE Alert = NONE Score = 0 Max failed Question attempts User: Challenge Maximum Failures Number of Failures More than or equal to = 3 Current Question Count only? = False If above or equal, return = True Action = NONE Alert = NONE Score = 0 Questions Active User: Question Status User Question Status = Set Is = True Action = NONE Alert = NONE Score = 0 Challenge Email Available Session: Check value in comma separated values Parameter Key = AvailableChallengeTypes Value to Check = ChallengeEmail Return if in list = True Action = NONE Alert = NONE Score = 0 Challenge SMS Available Session: Check value in comma separated values Parameter Key = AvailableChallengeTypes Value to Check = ChallengeSMS Return if in list = True Action = NONE Alert = NONE Score = 0 Check for HIGH Risk Score Session: Check Risk Score Classification Risk score classification to check = High Risk Default value to return in case of errors = False Action = NONE Alert = NONE Score = 0 11-26 Oracle Fusion Middleware Administrators Guide for Oracle Adaptive Access Manager Table 11–22 OAAM Challenge Trigger Combinations Description Combination Detail Result Allow the user to register if the risk score is not High and if the user is not registered Check for High Risk Score = False Questions Active = False Challenge Email Available = False Challenge SMS Available = False Max failed Question Attempts = Any Max failed Email Attempts = Any Max failed SMS Attempts = Any Policy = NONE Action = OAAM Allow Alert = NONE Score = 0 Challenge the user with SMS if the risk score is High and he is registered for SMS and has not failed the maximum number of SMS challenges. Check for High Risk Score = TRUE Questions Active = Any Challenge Email Available = Any Challenge SMS Available = TRUE Max failed Question Attempts = Any Max failed Email Attempts =Any Max failed SMS Attempts = False Policy = NONE Action = OAAM Challenge SMS Alert = NONE Score = 0 Challenge the user with email if the risk score is High and he has registered for email and he did not fail the email challenge the maximum number of times yet. Check for High Risk Score = HIGH Questions Active = Any Challenge Email Available = TRUE Challenge SMS Available = Any Max failed Question Attempts = Any Max failed Email Attempts = FALSE Max failed SMS Attempts = Any Policy = NONE Action = OAAM Challenge Email Alert = NONE Score = 0 Challenge the user with questions if he has challenge questions active and has not failed the maximum number of challenges for questions Check for High Risk Score = Any Questions Active = TRUE Challenge Email Available = Any Challenge SMS Available = Any Max failed Question Attempts = TRUE Max failed Email Attempts = Any Max failed SMS Attempts = Any Policy = NONE Action = OAAM Challenge Question Alert = NONE Score = 0 Challenge the user with OTP via SMS if he has not failed Challenge SMS and he is registered for SMS. Check for High Risk Score = Any Questions Active = Any Challenge Email Available = Any Challenge SMS Available = TRUE Max failed Question Attempts = Any Max failed Email Attempts = Any Max failed SMS Attempts = FALSE Policy = NONE Action = OAAM Challenge SMS Alert = NONE Score = 0 OAAM Security and Autolearning Policies 11-27

11.5.6 Customer Care Policies

Customer care policies are presented in this section.

11.5.6.1 OAAM Customer Care Ask Question

This policy determines if the user has active questions, more questions left for the challenge, and how many challenges have failed.

11.5.6.1.1 OAAM Customer Care Ask Question Policy Summary

11.5.6.1.2 OAAM Customer Care Ask Question Flow Diagram

11.5.6.1.3 OAAM Customer Care Ask Question: Details of Rules

Challenge the user with email if he is registered for email and he did not fail the email challenge the maximum number of times yet. Check for High Risk Score = Any Questions Active = Any Challenge Email Available = TRUE Challenge SMS Available = Any Max failed Question Attempts = Any Max failed Email Attempts = FALSE Max failed SMS Attempts = Any Policy = NONE Action = OAAM Challenge Email Alert = NONE