Creating Rules in the UI
Rules enable you to check for account fraud as information is entered at login or registration. If an aspect of the account is suspicious, rules enable you to take action, such as requiring an additional security check or denying access.
Rules Set Templates
Verosint provides several templates that detect specific types of account fraud. You can use templates as-is or as a start for a rules set tailored to your business.
- To create a new rule, select Rules from the navigation pane and click the + at the top of the page for +Create, +Import, or +Templates.
- On the Info page, enter a unique name for the Rules Set, and an optional description.
- Click Rules. On the Rules Set page, create one or more Expression for the rules set by adding the signals on the right. Signals are grouped by Email, IP, Phone, and User Agent categories. Click through the lists at the right to choose the signals you want to add to this rule set. Some signals require values, such as country codes or regions (see countries and regions).
- Enter the Outcome you want if the conditions in the expressions are met, such as DENY. This outcome string can be used to drive an action in your authentication flow, such as a prompt for multi-factor authentication.
- Enter an optional reason for the outcome.
- Enter a Default Outcome, if the conditions of the rule are not met. Again, this string can be used to drive an additional action in your authentication flow or simply recorded as a success.
To test the rule, click Evaluate. Enter an account ID, email, IP address, phone number, or user agent and click Evaluate. Check the response to determine whether the rule functioned as intended.
Rules and Auth0
All properties from the Auth0 event object (
Actions Triggers: post-login - Event Object) are available to reference from rulesunder
parameters.<Auth0 property name>. You can set a rule outcome to
ALLOWand have Auth0 prompt Login Success. You can also set an outcome to
ALLOW_WITH_MFAto prompt Auth0 to require MFA. Set an outcome to
DENYto reject a login attempt.
Updated about 2 months ago