Implementation
Descope comes with many device fingerprinting capabilities out of the box. Many of the features are free and included with every tier of service, and some require a paid version of our product. This guide shows you how to setup each of the device fingerprinting capabilities in your flow.
If you wish to learn more about device fingerprinting in general, visit our fingerprinting page here.
Implementing Fingerprinting
All of the fingerprinting capablities in Descope can be utilized within a conditional block, with a specific key. However, depending on whether it is a paid or free feature there will be slight differences in how they are activated.
Using Free Features
These are the features available to Free tier users:
- Risk-Based Authentication
- Bot Detection
- Impossible Traveler
Implementing Risk-Based Authentication in Flows
The risk-based authentication functionality can help reduce friction by generating a risk score based on a variety of request parameters determined by Cloudflare.
This risk score will be generated between 0 and 1.
Based on your risk tolerance you will be able to control when MFA is prompted in your flow, among other conditional logic, with this conditional statement:
Implementing Bot Detection and Impossible Traveler in Flows
For either of these capabilities, the Descope fingerprinting service and Cloudflare will determine whether a bot is detected with riskInfo.botDetected or if the user is an "Impossible Traveler" with riskInfo.impossibleTravel.
These will both return booleans, either True or False, that can be used in conditional statements to perform various logic.
Using Pro Features
These are the features available to Descopers who are Pro Tier and up:
- Trusted Device
Implementing Trusted Device in Flows
The Trust the Device functionality can reduce friction in a flow, by remembering the user that previously signed in.
Screen Input
To implement this in your flow, you can add the "Trust This Device" component to a screen, as seen below:
If the Input button appears grayed out and unclickable, you have not configured a custom domain for this project.
Manual Action
In case you want to use "Trust This Device" with your logic inside a flow, you can use the action "Mark Device As Trusted":
Here is an example of how you can use the functionality inside a flow:
Condition
The "Trust This Device" functionality can also be used inside a condition, inside the riskInfo key:
This step can be added as a security measurement or to trigger further authentication factors.
Using Enterprise Features
If you have the fingerprinting add-on and are an Enterprise customer, you can enable the additional paid features by following these steps.
Step 1: Enabling Fingerprinting in Flow Settings
Navigate your flow editor screen, and enable fingerprinting.
Note
Make sure to save your flow before continuing to the next step, otherwise the new fingerprinting keys won't appear in the conditional statements.
Step 2: Adding the Fingerprint / Assess Action Step
Add a new action step named Fingerprint / Assess in your flow. This step will collect fingerprinting information and allow you to customize your flow based on the derived values.
Step 3: Utilizing New Keys for Conditional Statements
Once you've added the Fingerprint / Assess action step, you can use these supported keys in your conditional statements:
riskInfo.newDevice: A boolean indicating if the device is new.riskInfo.VPNDetected: A boolean indicating VPN usage.
You can build out a custom flow with these conditions, to meet your specifications.
As an example, if you want to have a different authentication experience for new devices versus previously-used devices, you can use fingerprinting for this. Implementing this would create a flow that looks something like this:
