Geolocation Impossible Journey Action
The Geolocation Impossible Journey Action gives the ability to an admin to configure additional measures when a user attempts to login after making an impossible journey. For example, a user is located in Sweden and uses an authenticator to login. After two hours the same user is trying to login from Singapore. If we assume that a user cannot travel with a speed higher than 250Km/h as a default value, then this journey is impossible to happen within two hours, indicating that this second attempt to login might seem suspicious.
Configuration#
The configuration of the Geolocation Impossible Journey action accepts the following parameters:
| Configuration | Mandatory | Description |
|---|---|---|
| bucket | Yes | The bucket to store the location of the user. |
| impossible-journey-action-attribute-name | No | The name of the attribute that will be potentially used from a following action. Default value is requireSecondFactor. |
| impossible-journey-action-attribute-location | No | The location for the above attribute. Default value is subject-attributes. |
| speed-in-kmh-for-impossible-journey-calculations | No | The speed that can dictate if a journey is impossible (km/h). Default is 250 km/h. |
Back-channel support#
This action can be used in back-channel authentication.