Security Related Fields in the Audit Trail

Descope automatically logs two powerful security-related fields for every authentication event:

  • J4A Fingerprinting: Detects bots and suspicious activity by analyzing request patterns and characteristics.
  • ASN (Autonomous System Number): Identifies the network and organization behind the request's IP address.

These fields are available in the audit trail and can be leveraged in Descope Flows to automate risk-based security decisions.

What is J4A Fingerprinting?

J4A is an advanced fingerprinting system that analyzes:

  • Request patterns
  • HTTP headers
  • Timing and behavioral signals

to generate a unique fingerprint for each request. This helps you:

  • Detect automated attacks (bots, credential stuffing)
  • Identify suspicious or anomalous activity
  • Assign a risk score to each authentication attempt

How to use it:

  • Review the J4A score in the audit trail for risk assessment
  • Add flow conditions to block, challenge, or step-up authentication for risky requests

What is ASN?

ASN (Autonomous System Number) is a unique identifier for networks on the internet. Each ASN represents a group of IP addresses managed by a single organization (e.g., an ISP, cloud provider, or enterprise).

  • ASN is a globally unique 16-digit number
  • Reveals the network origin of a request
  • Useful for identifying requests from known malicious networks or anonymizing services

How to use it:

  • Allow, deny, or require additional verification for requests from specific ASNs
  • Apply geo/network-based access controls

Example: Security Headers in the Audit Trail

On the Audit page, you can see these fields in every event. For example, a LoginSucceed event includes cf-ja4 (J4A fingerprint) and x-asn (ASN):

{
  "browser": "Chrome",
  "device": "Desktop",
  ...
  "request_details": {
    "headers": {
      "descope": {
        "cf-ja4": "...", // <--- J4A
        "x-asn": "...",  // <--- ASN
        ...
      },
      ...
    },
    ...
  }
}

Using J4A & ASN in Descope Flows

You can use these fields in your Descope Flows to:

  • Block or challenge risky requests: Use the J4A score to detect and block bots or suspicious activity.
  • Apply network-based logic: Use ASN to allow, deny, or step-up authentication for requests from certain networks or countries.
  • Customize user journeys: Dynamically adapt authentication flows based on risk profile or network origin.

Example: Require MFA for Risky ASN

Suppose you want to require MFA for users coming from ASNs known for phishing or spam. You can do this in your flow conditions:

  1. Add the ASN condition:

     [Screenshot: ASN flow condition]

  2. Trigger MFA based on ASN:

     [Screenshot: ASN condition in flow MFA]

Best Practices

  • Monitor: Regularly review J4A and ASN data in your audit logs for new threats.
  • Automate: Use flow conditions to respond to risky requests in real time.
  • Adapt: Update your flow logic as new attack patterns or malicious ASNs emerge.
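One way to carry out the "Monitor" practice offline, as an added example that is not Descope code: it reads exported audit events, pulls cf-ja4 and x-asn from the nesting shown in the audit example above, and reports watchlisted ASNs, events with no signals, and any fingerprint shared by several accounts. The `user` field, the fingerprint strings, the watchlist and the threshold are assumptions made for this sketch.

```python
from collections import defaultdict

def _event(user, ja4=None, asn=None):
    """Build a constructed audit event using the nesting shown on the page."""
    headers = {k: v for k, v in (("cf-ja4", ja4), ("x-asn", asn)) if v}
    ev = {"user": user}  # "user" is an assumed field name, not from the page
    if headers:
        ev["request_details"] = {"headers": {"descope": headers}}
    return ev

# Constructed sample data. The ASNs come from the range reserved for
# documentation (64496-64511, RFC 5398); fingerprints are placeholders.
SAMPLE_EVENTS = [
    _event("u1@example.com", "ja4-sample-A", "64500"),
    _event("u2@example.com", "ja4-sample-A", "64500"),
    _event("u3@example.com", "ja4-sample-A", "64500"),
    _event("u4@example.com", "ja4-sample-B", "64511"),
    _event("u5@example.com"),  # event with no request_details at all
]
WATCHLIST_ASNS = {"64511"}      # constructed watchlist
MAX_USERS_PER_FINGERPRINT = 3   # assumed threshold; tune to your traffic

def signals(event):
    """Return (ja4, asn) for one audit event; None for a missing field."""
    details = event.get("request_details") or {}
    descope = (details.get("headers") or {}).get("descope") or {}
    return descope.get("cf-ja4") or None, descope.get("x-asn") or None

def review(events, watchlist=WATCHLIST_ASNS, max_users=MAX_USERS_PER_FINGERPRINT):
    """Return (per-event findings, fingerprints shared by >= max_users accounts)."""
    users_by_ja4 = defaultdict(set)
    findings = []
    for index, event in enumerate(events):
        ja4, asn = signals(event)
        if ja4 is None and asn is None:
            # Missing signals deserve a look: the event cannot be risk-scored.
            findings.append((index, "missing-signals"))
            continue
        if asn in watchlist:
            findings.append((index, "watchlisted-asn"))
        if ja4:
            users_by_ja4[ja4].add(event.get("user"))
    shared = {fp: sorted(users) for fp, users in users_by_ja4.items()
              if len(users) >= max_users}
    return findings, shared

if __name__ == "__main__":
    print(review(SAMPLE_EVENTS))
```

A fingerprint reused across many accounts is only a lead: popular browser builds share fingerprints, so confirm against the ASN and login outcome before adding a blocking flow condition.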

For more details, see the Descope Audit Trail doc.
