Overview
This article provides steps to save Adaptive Multi-Factor Authentication (MFA) risk assessment scores to a user’s app_metadata using a Post-Login Action.
Applies To
- Adaptive MFA
- Actions
- App Metadata
Cause
Solution
To save the Adaptive MFA risk scores, create and deploy a Post-Login Action with the provided script.
- Navigate to Actions > Library and select Create Action > Create Custom Action.
- On the Create Action modal, enter a Name for the Action, select Login / Post Login as the trigger, and select Create.
- In the Action editor, enter the following code:
```javascript
exports.onExecutePostLogin = async (event, api) => {
  // riskAssessment is only present when Adaptive MFA evaluated this login.
  if (event.authentication && event.authentication.riskAssessment) {
    const riskAssessment = event.authentication.riskAssessment;

    // Overall confidence plus the individual assessor results.
    // Optional chaining leaves a score undefined if an assessor is absent.
    const overallScore = riskAssessment.confidence;
    const newDeviceScore = riskAssessment.assessments?.NewDevice?.confidence;
    const impossibleTravelScore = riskAssessment.assessments?.ImpossibleTravel?.confidence;
    const untrustedIPScore = riskAssessment.assessments?.UntrustedIP?.confidence;

    const riskData = {
      overallScore: overallScore,
      assessments: {
        newDevice: newDeviceScore,
        impossibleTravel: impossibleTravelScore,
        untrustedIP: untrustedIPScore
      }
    };

    // Overwrites any value previously stored under this key.
    api.user.setAppMetadata("risk_assessment_history", riskData);
  }
};
```
- Select the Deploy button.
- Add the new Action to the Login flow by navigating to Actions > Triggers > Post-Login.
- Log in to an application to trigger the flow. After a successful login, the risk assessment data is saved to the user’s app_metadata.
NOTE: This script is an example and is not production-ready. It must be tested thoroughly in a development environment before deployment.
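
The script above overwrites `risk_assessment_history` on every login, so only the most recent assessment is kept. The following added example (not part of the original article and not Auth0's own code) keeps a bounded list of timestamped entries instead; the `MAX_ENTRIES` cap, the `appendRiskEntry` helper and the entry shape are assumptions.

```javascript
// Added example. MAX_ENTRIES, appendRiskEntry and the entry shape are assumptions.
const MAX_ENTRIES = 10;

// Pure helper: returns a new history array with the current assessment
// appended, trimmed to the newest `max` entries.
function appendRiskEntry(existing, riskAssessment, at, max = MAX_ENTRIES) {
  // The single-object script on this page stores an object under the same key;
  // anything that is not an array is treated as "no history yet" and replaced.
  const history = Array.isArray(existing) ? existing : [];
  const a = riskAssessment.assessments ?? {};
  const entry = {
    at, // ISO 8601 timestamp of the login
    overallScore: riskAssessment.confidence ?? null,
    assessments: {
      // null (not undefined) so a missing assessor is visible in the stored JSON
      newDevice: a.NewDevice?.confidence ?? null,
      impossibleTravel: a.ImpossibleTravel?.confidence ?? null,
      untrustedIP: a.UntrustedIP?.confidence ?? null,
    },
  };
  return [...history, entry].slice(-max);
}

const onExecutePostLogin = async (event, api) => {
  const riskAssessment = event.authentication?.riskAssessment;
  if (!riskAssessment) return; // no assessment for this login: leave metadata untouched

  const existing = event.user.app_metadata?.risk_assessment_history;
  const history = appendRiskEntry(existing, riskAssessment, new Date().toISOString());
  api.user.setAppMetadata("risk_assessment_history", history);
};

// Actions load the handler from `exports`; the guard lets the file run elsewhere too.
if (typeof exports !== "undefined") exports.onExecutePostLogin = onExecutePostLogin;
```

Capping the list keeps the stored metadata small and bounded no matter how often the user logs in.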