Security and Privacy/Additional Security Features

Security Related Fields in the Audit Trail

Descope automatically logs two powerful security-related fields for every authentication event:

  • J4A Fingerprinting: Detects bots and suspicious activity by analyzing request patterns and characteristics.
  • ASN (Autonomous System Number): Identifies the network and organization behind the request's IP address.

These fields are available in the audit trail and can be leveraged in Descope Flows to automate risk-based security decisions.

What is J4A Fingerprinting?

J4A is an advanced fingerprinting system that analyzes:

  • Request patterns
  • HTTP headers
  • Timing and behavioral signals

to generate a unique fingerprint for each request. This helps you:

  • Detect automated attacks (bots, credential stuffing)
  • Identify suspicious or anomalous activity
  • Assign a risk score to each authentication attempt

How to use it:

  • Review the J4A score in the audit trail for risk assessment
  • Add flow conditions to block, challenge, or step-up authentication for risky requests

What is ASN?

ASN (Autonomous System Number) is a unique identifier for networks on the internet. Each ASN represents a group of IP addresses managed by a single organization (e.g., an ISP, cloud provider, or enterprise).

  • ASN is a globally unique 16-digit number
  • Reveals the network origin of a request
  • Useful for identifying requests from known malicious networks or anonymizing services

How to use it:

  • Allow, deny, or require additional verification for requests from specific ASNs
  • Apply geo/network-based access controls

Example: Security Headers in the Audit Trail

On the Audit page, you can see these fields in every event. For example, a LoginSucceed event includes cf-ja4 (J4A fingerprint) and x-asn (ASN):

{
  "browser": "Chrome",
  "device": "Desktop",
  ...
  "request_details": {
    "headers": {
      "descope": {
        "cf-ja4": "...", // <--- J4A
        "x-asn": "...",  // <--- ASN
        ...
      },
      ...
    },
    ...
  }
}

Using J4A & ASN in Descope Flows

You can use these fields in your Descope Flows to:

  • Block or challenge risky requests: Use the J4A score to detect and block bots or suspicious activity.
  • Apply network-based logic: Use ASN to allow, deny, or step-up authentication for requests from certain networks or countries.
  • Customize user journeys: Dynamically adapt authentication flows based on risk profile or network origin.

Example: Require MFA for Risky ASN

Suppose you want to require MFA for users coming from ASNs known for phishing or spam. You can do this in your flow conditions:

  1. Add the ASN condition:

ASN flow condition

  1. Trigger MFA based on ASN:

ASN condition in flow MFA

Best Practices

  • Monitor: Regularly review J4A and ASN data in your audit logs for new threats.
  • Automate: Use flow conditions to respond to risky requests in real time.
  • Adapt: Update your flow logic as new attack patterns or malicious ASNs emerge.

For more details, see the Descope Audit Trail doc.

Was this helpful?

Refresh Token Rotation

A guide and overview of how refresh token rotation works with Descope and how it secures your sessions.

Single Active Session

Learn how to implement single active sessions across devices with Descope SDK. Enhance security, prevent conflicts, and ensure seamless user experiences.

On this page