Implementation

Descope comes with many device fingerprinting capabilities out of the box. Many of the features are free and included with every tier of service, and some require a paid version of our product. This guide shows you how to setup each of the device fingerprinting capabilities in your flow.

If you wish to learn more about device fingerprinting in general, visit our fingerprinting page here.

Implementing Fingerprinting

All of the fingerprinting capablities in Descope can be utilized within a conditional block, with a specific key. However, depending on whether it is a paid or free feature there will be slight differences in how they are activated.

Using Free Features

These are the features available to Free tier users:

  • Risk-Based Authentication
  • Bot Detection
  • Impossible Traveler

Implementing Risk-Based Authentication in Flows

The risk-based authentication functionality can help reduce friction by generating a risk score based on a variety of request parameters determined by Cloudflare. This risk score will be generated between 0 and 1. Based on your risk tolerance you will be able to control when MFA is prompted in your flow, among other conditional logic, with this conditional statement:

Descope risk score condition

Implementing Bot Detection and Impossible Traveler in Flows

For either of these capabilities, the Descope fingerprinting service and Cloudflare will determine whether a bot is detected with riskInfo.botDetected or if the user is an "Impossible Traveler" with riskInfo.impossibleTravel. These will both return booleans, either True or False, that can be used in conditional statements to perform various logic.

Descope risk score condition

Using Pro Features

These are the features available to Descopers who are Pro Tier and up:

  • Trusted Device

Implementing Trusted Device in Flows

The Trust the Device functionality can reduce friction in a flow, by remembering the user that previously signed in.

Screen Input

To implement this in your flow, you can add the "Trust This Device" component to a screen, as seen below:

Descope trust this device button

If the Input button appears grayed out and unclickable, you have not configured a custom domain for this project.

Manual Action

In case you want to use "Trust This Device" with your logic inside a flow, you can use the action "Mark Device As Trusted":

Descope trust this device action

Here is an example of how you can use the functionality inside a flow:

Descope trust this device action in flow

Condition

The "Trust This Device" functionality can also be used inside a condition, inside the riskInfo key:

Descope trust this device condition

This step can be added as a security measurement or to trigger further authentication factors.

Using Enterprise Features

If you have the fingerprinting add-on and are an Enterprise customer, you can enable the additional paid features by following these steps.

Step 1: Enabling Fingerprinting in Flow Settings

Navigate your flow editor screen, and enable fingerprinting.

Opening up flow settings

Enabling fingerprinting

Note

Make sure to save your flow before continuing to the next step, otherwise the new fingerprinting keys won't appear in the conditional statements.

Step 2: Adding the Fingerprint / Assess Action Step

Add a new action step named Fingerprint / Assess in your flow. This step will collect fingerprinting information and allow you to customize your flow based on the derived values.

Adding the Fingerprint / Assess action step

Step 3: Utilizing New Keys for Conditional Statements

Once you've added the Fingerprint / Assess action step, you can use these supported keys in your conditional statements:

  • riskInfo.newDevice: A boolean indicating if the device is new.
  • riskInfo.VPNDetected: A boolean indicating VPN usage.

Conditional block in flow

You can build out a custom flow with these conditions, to meet your specifications.

As an example, if you want to have a different authentication experience for new devices versus previously-used devices, you can use fingerprinting for this. Implementing this would create a flow that looks something like this:

Full view of flow

Was this helpful?

On this page