Security and Privacy/Additional Security Features

Security Related Fields In Descope's Audit Trail

Descope logs two important security-related fields: J4A fingerprinting and ASN (Autonomous System Number) data. These fields are automatically captured in every audit event and provide crucial information about the origin of authentication requests. J4A fingerprinting helps identify potential malicious actors by analyzing request patterns and characteristics, while ASN data reveals the network infrastructure and organization behind the request's IP address. Together, these fields enable you to make informed security decisions and implement appropriate access controls based on the risk level of incoming requests.

J4A fingerprinting

J4A is a sophisticated fingerprinting system that analyzes various characteristics of incoming requests to identify potential malicious actors. It examines multiple parameters including request patterns, headers, timing, and behavior to create a unique fingerprint for each request. This fingerprinting helps detect automated attacks, credential stuffing attempts, and other suspicious activities. The J4A score in the audit trail provides a risk assessment that can be used to implement additional security measures or block potentially harmful requests.

ASN

ASN (Autonomous System Number) is a unique identifier assigned to networks that operate under a single administrative domain and routing policy on the internet. ASN is a globally unique 16 digit identification number, that is assigned to each autonomous system (AS) on the internet. An autonomous system is a collection of IP networks and routers under the control of a single organization that presents a common routing policy to the internet.

Audit Log

On the (audit page)[https://app.descope.com/audits], here is an example for a "LoginSucceed" event, that has "cf-ja4" and "x-asn" fields that represent the JA4 fingerprint and ASN accordingly:

{
    "browser": "Chrome",
    "correlation_id": "",
    "device": "Desktop",
    "flow_execution_id": "",
    "flow_id": "sign-in-social-or-sso-with-magic-link-mfa",
    "os": "macOS",
    "osVersion": "10.15.7",
    "request_details": {
        "contentLength": "264",
        "headers": {
            "descope": {
                "cf-bot-score": "99",
                "cf-connecting-ip": "",
                "cf-ja3-hash": "",
                "cf-ja4": "", // <--- JA4
                "cf-ray": "",
                "cf-verified-bot": "false",
                "sec-fetch-dest": "empty",
                "x-asn": "", // <--- ASN
                "x-descope-project-id": "",
                "x-descope-sdk-name": "web-js",
                "x-descope-sdk-session-id": "2025-06-26-11:00:59:581-8484",
                "x-descope-sdk-version": "1.33.4",
                "x-request-id": ""
            },
            "http": {
                "origin": "https://app.descope.com",
                "referer": "https://app.descope.com/",
                "sec-fetch-dest": "empty",
                "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36"
            }
        },
        "host": "console.descope.com",
        "method": "POST",
        "replayNonces": [...],
        "uri": "/console/v1/flow/next",
        "url": "/console/v1/flow/next"
    }
}

Descope Flows

You can leverage both J4A fingerprinting and ASN data within your Descope flows to enhance security and automate decision-making. These fields are available as part of the authentication and audit context, enabling you to:

  • Block or challenge suspicious requests: Use the J4A score to identify and block automated attacks, credential stuffing, or other risky behaviors.
  • Apply conditional logic based on network origin: Use ASN data to allow, deny, or require additional verification for requests coming from specific network types, countries, or known malicious ASNs.
  • Customize user journeys: Adapt authentication flows dynamically based on the risk profile indicated by J4A or the network characteristics revealed by ASN.

By incorporating these fields into your flow conditions, you can automate responses to threats and tailor the authentication experience to the risk level of each request.

Here is an example of using ASN inside a flow condition, to require MFA for end users who are tagged with ASN numbers frequently used for Phishing, spam, and malware:

First adding the condition.

ASN flow condition

Second, adding the condition to a flow and trigger MFA based on the request's header - ASN number.

ASN condition in flow MFA

Was this helpful?

Refresh Token Rotation

A guide and overview of how refresh token rotation works with Descope and how it secures your sessions.

Single Active Session

Learn how to implement single active sessions across devices with Descope SDK. Enhance security, prevent conflicts, and ensure seamless user experiences.

On this page