Forter Connector
Forter is a fraud prevention service that provides a real-time evaluation at different touchpoints during the user's journey. Forter uses machine learning to analyze account activities such as sign-ups and logins, providing risk assessments to ensure the security of your users.
Descope's Forter connector helps you establish a machine-learning-based risk score for a user's behavior, helping you detect fraudulent or attacker-associated connections to your system. The connector returns a result with multiple calls to action to use inside your flow, such as a recommendation to log in the user.
Setting Up The Forter Connector
To integrate the Forter connector, follow the steps below:
Navigate to Connector
- Visit the Connectors page in the Descope Console.
- Choose Forter from the list of connectors.
Connector Setup
Set up the necessary inputs:
- Connector name: Assign a custom name for your connector, especially useful when using multiple connectors originating from the same template.
- Connector description: (Optional) A brief description of your connector's purpose.
- Site ID: The Forter site ID.
- Secret Key: The Forter secret key.
- API Version: (Optional) Which version of the Forter API to use. Defaults to the most recent version.
The Forter Site ID and Secret Key can be found in the Forter portal.
Test & Save
The Forter connector offers a way to test the integration with a specified email and IP address.
- Override IP Address: Override the user IP address.
- Override User Email: Override the user email.
CAUTION
Overriding the user IP address or email is intended for testing purposes and should not be used in production environments.
- Validate your configuration by clicking the Test button and observing the Test Results section.
- Conclude the setup process by selecting Create.
Implementing the Forter Connector
Warning
Since the Forter connector runs in the browser, the connector steps need to be added after at least one screen or action component in the flow.
Select or Create a Flow
Access your Dashboard and go to flows. Opt for an existing flow or generate a new one.
Integration
Click on the blue plus sign inside the flow builder and choose "Connector". You should be able to see the new connector actions as shown below:
Log In
Forter / Login Check is designed to be used after login to assess the user's behavior given the parameters listed below:
- Customer's account UID: In the merchant's site. Should not be the user email. Leave empty if no account ID is available.
- Login Method Type: The authentication method used to log in. Possible values are:
  - "PASSWORD"
  - "SMS"
  - "SOCIAL"
  - "EMAIL_LINK_OTP"
  - "AUTH_TOKEN_REFRESH"
  - "APPLE"
  - "MFA_CODE_REFRESH"
  - "EMAIL_MAGIC_LINK"
  - "OTHER"
- Login Status: The status of the login attempt. Possible values are:
  - "SUCCESS"
  - "FAILED"
  - "BLOCKED_BY_MERCHANT"
  - "ACCOUNT_DOES_NOT_EXIST"
- User Input Type: The type of identifier used by the user to log in. Possible values are:
  - "USERNAME"
  - "EMAIL"
  - "PHONE"
  - "SOCIAL"
- User Email: The user's email. Leave empty if no email is available.
- User Phone: The user's phone. Leave empty if no phone is available.
- Additional Information: Generic object to include any generic data about the user.
- Account Data: Account data object as described in Forter docs.
- Additional Authentication Methods: Additional authentication method object as described in Forter docs.
- Customer Signed In Using Social Network Account: Boolean indicating if customer signed in using a social network account.
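An added example, not part of the Descope or Forter documentation: a pre-flight check that rejects Login Check inputs outside the value lists above and catches an account UID that is really the user's email. The property names are hypothetical, and treating the three enumerated fields as required is an assumption.

```javascript
// Allowed values copied from the Login Check parameter list on this page.
const ALLOWED = {
  loginMethodType: ["PASSWORD", "SMS", "SOCIAL", "EMAIL_LINK_OTP", "AUTH_TOKEN_REFRESH",
    "APPLE", "MFA_CODE_REFRESH", "EMAIL_MAGIC_LINK", "OTHER"],
  loginStatus: ["SUCCESS", "FAILED", "BLOCKED_BY_MERCHANT", "ACCOUNT_DOES_NOT_EXIST"],
  userInputType: ["USERNAME", "EMAIL", "PHONE", "SOCIAL"],
};
const isEmpty = (v) => v === undefined || v === null || v === "";
const EMAIL_LIKE = /^[^\s@]+@[^\s@]+$/;

// Property names (accountId, userEmail, signedInWithSocial, ...) are
// hypothetical, chosen for this example; the page gives only display labels.
function validateLoginCheckInputs(input) {
  const errors = [];
  // Exact-match check: "password" or "Sms" is rejected, not normalized.
  for (const [field, allowed] of Object.entries(ALLOWED)) {
    if (!allowed.includes(input[field])) {
      errors.push(`${field}: not one of the listed values`);
    }
  }
  // Account UID may be left empty, but must not be the user's email.
  if (!isEmpty(input.accountId)) {
    const uid = String(input.accountId).trim().toLowerCase();
    const email = isEmpty(input.userEmail)
      ? ""
      : String(input.userEmail).trim().toLowerCase();
    if (uid !== "" && (uid === email || EMAIL_LIKE.test(uid))) {
      errors.push("accountId: must not be the user email");
    }
  }
  // The social sign-in flag is documented as a boolean, so "true" is an error.
  if (!isEmpty(input.signedInWithSocial) && typeof input.signedInWithSocial !== "boolean") {
    errors.push("signedInWithSocial: must be a boolean");
  }
  return errors;
}

// Constructed sample input that passes every check.
const SAMPLE_INPUT = {
  accountId: "acct-10482", loginMethodType: "PASSWORD", loginStatus: "SUCCESS",
  userInputType: "EMAIL", userEmail: "alice@example.com", signedInWithSocial: false,
};
```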
Sign Up
Forter / Sign Up Check is designed to be used after sign-up to assess the user's behavior given the parameters listed below:
- Customer's account UID: In the merchant's site. Should not be the user email. Leave empty if no account ID is available.
- Additional Information: Generic object to include any generic data about the user.
- Account Data: Account data object as described in Forter docs.
- Additional Account Event Identifiers: Additional account event identifiers object as described in Forter docs.
- Customer Signed In Using Social Network Account: Boolean indicating if customer signed in using a social network account.
- Promotions: Promotions object as described in Forter docs.
Profile Access
Forter / Profile Access Check is designed to be used after an MFA attempt to assess the user's behavior given the parameters listed below:
- Customer's account UID: In the merchant's site. Should not be the user email. Leave empty if no account ID is available.
- Additional Information: Generic object to include any generic data about the user.
- Account Owner: Account owner object as described in Forter docs.
- Additional Account Event Identifiers: Additional account event identifiers object as described in Forter docs.
Response
The response object populates the following context keys, depending on the action performed:
connectors.forter_loginCheck
connectors.forter_signUpCheck
connectors.forter_profileAccessCheck
The fields that can be used inside the flow are:
- forterDecision - The latest Forter decision regarding the attempted action.
- recommendation - A specific recommendation for an action that might help the customer to complete their transaction/action (e.g. verify phone via SMS, verify via push notification, verify email, perform a 3DS check, etc.)
- verificationMethod - The specific verification method to be used when verification is required according to the "recommendation" field.
- decisionReason - The main reason behind the Forter decision.
- merchantPolicyId - UID of the custom policy created in Forter's Policies tool that resulted in this decision.
- accountId - When applicable, the customer's account UID in the merchant's site.
- correlationId - A unique Forter identifier that should be sent to Forter as part of the AdvancedAuthenticationMethod object to correlate the MFA recommendation given in this response with the relevant additional authentication attempt result.
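An added example, not Descope's or Forter's own code: fail-closed branching on the fields above, so a missing result or an unrecognized forterDecision never falls through to the approve path. It assumes the flow context is available as a plain object; the decision strings in SAMPLE_POLICY, the branch names, and treating a populated verificationMethod as a step-up signal are assumptions of this example.

```javascript
// Context keys named on this page, one per connector action.
const FORTER_KEYS = ["forter_loginCheck", "forter_signUpCheck", "forter_profileAccessCheck"];

// ASSUMED decision strings: this page does not list forterDecision values.
// Take the real ones from the Forter API reference before relying on this.
const SAMPLE_POLICY = { APPROVE: "proceed", DECLINE: "block" };

// Returns { branch, reason, verificationMethod, correlationId } for one action.
function routeForterResult(context, key, policy = SAMPLE_POLICY, fallback = "step_up") {
  if (!FORTER_KEYS.includes(key)) throw new Error(`unknown context key: ${key}`);
  const out = { branch: fallback, reason: "", verificationMethod: null, correlationId: null };
  const result = context && context.connectors && context.connectors[key];
  if (result === null || typeof result !== "object") {
    out.reason = "no connector result"; // step did not run or returned nothing
    return out;
  }
  // Keep correlationId even on failure so the attempt can be traced later.
  if (typeof result.correlationId === "string") out.correlationId = result.correlationId;
  const decision = result.forterDecision;
  // hasOwnProperty stops values such as "constructor" matching inherited keys.
  const known = typeof decision === "string" &&
    Object.prototype.hasOwnProperty.call(policy, decision);
  if (!known) {
    out.reason = "unrecognized forterDecision";
    return out;
  }
  out.branch = policy[decision];
  out.reason = `forterDecision=${decision}`;
  // This example's choice: a populated verificationMethod upgrades "proceed"
  // to "step_up"; it never downgrades "block".
  const method = result.verificationMethod;
  if (typeof method === "string" && method !== "") {
    out.verificationMethod = method;
    if (out.branch === "proceed") out.branch = "step_up";
  }
  return out;
}

// Constructed sample context; field values are illustrative only.
const SAMPLE_CONTEXT = {
  connectors: { forter_loginCheck: { forterDecision: "APPROVE", correlationId: "c-1" } },
};
```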
Note
To learn more about Forter's APIs and what you can retrieve with this connector, visit the Forter API Reference guide.
Examples
The connector actions can be integrated into a flow in various scenarios. Here is an example of a flow that uses the result:
The flow checks whether the user came back with an approved recommendation; if so, it asks the user for a second-factor authentication.