10.9 Configuring Device Registration Contract

You can configure a contract that allows users to register their devices after authentication. You can also configure an Advanced Authentication method for additional authentication.

Perform the following steps to enable device registration capability:

  1. Create a risk-based policy and assign it to a risk-based authentication class.

    For more information about how to create and configure a risk-based policy, see Configuring a Risk Policy.

  2. Create a Device Fingerprinting Rule and assign it to the risk-based policy created in the previous step. Select the following options when you configure rule definitions:

    Store Fingerprint in: Select Server to store the fingerprint in the configured risk-database. You can use this option only in risk-based post-authentication scenarios.

    To store the fingerprint in a risk-database, you must enable storing the user history in the User History tab. See Enabling User History.

    Prompt User Consent: Select this option to allow users to provide their consent before storing the device fingerprint.

    Send Email Notification: Select this option to send an email to a user when the user logs in using an unknown device.

    For more information about how to specify the email server details, see Section 4.6, Email Server Configuration.

    For more information about how to create and configure a rule, see Configuring Rules.

  3. (Optional) In the risk-based policy, configure additional authentication using an Advanced Authentication method.

    For more information, see Section 5.1.3, Configuring Authentication Methods.

    To set the enrollment URL during the additional authentication, add the following Advanced Authentication Enrollment URL property in the advanced authentication method:

    Property Name: ENROLLURL

    Property Value: https://aa.b2c.com/account/basic

  4. Create a method for the risk-based authentication class.

    For more information, see Configuring a Method for an Authentication Class.

  5. Create a contract for the risk-based authentication class. When you configure this contract, select Secure Name/Password - Form as the first method, and select the risk-based method created in the previous step as the second method. In addition, ensure that you select the Satisfiable by a contract of equal or higher level option.

    For more information, see Configuring a Contract for an Authentication Class.

When this contract is configured, users can register their devices, view the registered devices, and delete these devices.