Your suggested change has been received. Thank you.

Suggest A Change

Thank you! Your suggestion has been submitted.

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

There are some errors in your form.

Your Name This field is required

Your Email This field is required

How can we improve this content? This field is required

OneWelcome Identity Platform
- Explore Thales Docs

IDAAS core
User journey orchestration
Consent and preference management
Consent Management v2
- Admin UI guide
- Consent Management v2 APIs
Identity broker
Delegated User Management v2
Externalized authorization
Delegated user management
- Getting started
- Roles
- Rules
- User management
- Self service page
- Data
- APIs
- Apps
- Jobs
- Reports
Risk management
- Essential Edition
- Enhanced Edition
Mobile identity
- Mobile identity - Access component
- Mobile identity - Tulip
Mobile SDK
API references
Release notes and FAQ
Policy-Based Authorization Manager
Integrations
Identity Orchestrator (IO)

All

All

Evaluate risk with auth feedback

Overview

Please Note:

Risk management
Essential Edition
- Default rules
- Default policies
Enhanced Edition
- Quickstart
  - Tutorial overview
  - Collecting Signals
    - Collecting signals from a mobile
    - Collecting signals from a web page
    - Android
    - iOS
  - Evaluating risk
- Guides
  - What is a policy?
  - Managing policies in the IFP console
  - Evaluate risk with auth feedback
    - Overview
    - Collecting Signals
    - Risk Evaluation
    - Authenticating
    - Authentication Feedback
  - Reporting fraudulent transactions
  - Change password or PIN
  - Ionic Mobile Integration
    - Introduction
    - Setup your environment
    - Create Cordova Plugin
      - Introduction
      - Creating the native Android part of the plug-in
      - Creating the native iOS part of the plug-in
    - Add the plug-in to the app
- REST API
  - Partners
    - Partner technologies overview
    - Thales
    - ThreatMetrix
    - Global Score
      - Description
      - Global score computation
  - Authentication and authorisation
  - Implementing Client-Side Mutual TLS Authentication
  - OpenAPI - stand alone IFP
- SDK
  - Web SDK
    - Risk Management Javascript SDK
    - CORS (Cross-Origin Resource Sharing)
    - Definitions
    - Framework v1
      - Overview
      - Signal collection For a Multi Page Website
    - Framework v2
      - Overview
      - Specification
      - Integration examples
      - Partners Integration
  - Mobile SDK
    - Introduction
    - Overview
    - Signal groups and corresponding signals
      - Overview
      - Signal group size
    - SDK variants
    - SDK compatibilities
    - Release notes
    - Security
      - Android
      - iOS
    - Integration guidelines
      - Before you start
      - Basic integration
      - Advanced use cases
      - Debug vs. Release builds
      - Removal of Zimperium and InAuth SDK
      - Error codes
      - Troubleshooting
    - Permissions
      - OIP Risk Management SDK permissions
      - Permissions required for ThreatMetrix
      - iOS Certificate Pinning For Release Configuration
    - Privacy
      - Apple app privacy
    - Other
      - Android application size reduction
      - Exporting ThreatMetrix Certificate from Browser
      - Third-party libraries
      - Frequently asked questions
      - Appendix A: Evaluation
    - Glossary
    - API reference
    - Supported plaforms

Was this document helpful? Yes No

Feedback Sent!

If you like, you can provide additional feedback.

OneWelcome Identity Platform
Risk management
Enhanced Edition
Guides
Evaluate risk with auth feedback
Overview

Overview

In this scenario, the user wants to access or use some bank resources, such as log in to the bank portal, perform a transaction and so on. The bank would like to make this as easy as possible for the end user, while ensuring a good level of security.

The scenario allows the bank to request a risk evaluation for the operation based on one or more fraud prevention technologies. The result will be a decision from the policy manager like "authenticate with password", "authenticate with OTP", "denied", and so on.

The bank is in charge of enforcing this decision. If the decision was to authenticate with username and 2FA, the bank needs to request the same level of authentication or higher from the user.

Once the user has been authenticated, the bank must provide the result of this authentication back to IdCloud. To improve the quality of the risk evaluations, historical data on past authentication results plays an important role and allows the system to provide better decisions and improve user experience.

Risk evaluation and authentication feedback overview

Sequence diagram

The following sequence diagram shows the different steps to execute this scenario. Risk evaluation with authentication feedback sequence diagram

Next

Collecting signals

On this page

OneWelcome Identity Platform

© Copyright 2019-2026, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com

Support
- Customer Release Notes
- Support Contacts
Legal
- End User License Agreement
- Terms of Service

© Copyright 2019-2026, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com