Login from a new device - Loginapp Event

If someone logs in from an unknown browser or device, the Loginapp can produce an event, which in turn may be used, for example, to send an email or SMS message to the end user.

Example email:

Dear John Doe
Someone has logged in from a previously unused browser.

Time: Mar 31, 14:51
Device: Mac
Browser: Safari
Country: Canada
IP address: 15.235.119.126

If this login was done by you - relax. Everything is fine and you can ignore this email.

If you do not recognize this information, we recommend that you immediately take the following actions to protect your account:

  • Reset your password
  • Contact our service desk

Note that the above is just an example of usage. You may process the event in another way using a different event subscriber.

Configuration in the Loginapp REST API

A new step must be added to the authentication flow to enable the feature. If the step is processed, a cookie is stored in the browser to mark the browser as known for the user logging in.

  1. Go to:
    Loginapp >> Applications and Authentication >> a target application >> Authentication Flow
  2. To the list of Steps, add a new plugin configuration of type Login From New Device Step.
  3. Drag the new step to place it in the flow after the last step of the actual user authentication. If unsure, make it the last step in the flow.
  4. Configure the details of the Login From New Device Step. Refer to the property documentation in the Config Editor for more information.
  5. To process the event, e.g. to send an email message, configure an event subscriber in Loginapp >> Event Settings. See links below for further information.

In property Key, an encryption key is configured. It is used to encrypt the information stored in the browser.

If the key is altered, all browsers of all users are considered to be unknown at their first login after the change. This results in a new event for every first login per browser.

The cookie sent to the browser needs to be whitelisted in the IAM mapping configuration of Airlock Gateway. The default cookie name, AL_LoginFromNewDevice, is part of the mapping template.

To make the feature work, make sure to either

  • use an up-to-date mapping template, or
  • manually whitelist the cookie name in the IAM mapping's Passthrough Cookies setting.

If choosing a non-default cookie name, adapt the IAM mapping accordingly.

For geolocation information to be available in the event data, a geolocation provider has to be configured in Loginapp >> Geolocation Provider.

Available event attributes

The Logged in from new Device event contains information about the login, such as the client IP address, geolocation, browser make, operating system, etc.

Details about available event attributes can be found in Event attributes.

How it works: HTTP cookie-based browser recognition

After successful login, a persistent HTTP cookie is stored in the browser to distinguish known from unknown browsers. The cookie contains the usernames of the 10 most recent logins for the browser. The cookie is encrypted and signed, so it cannot be read, forged, or altered.

Hence, inspecting the cookie in the browser does not reveal the names of the users that logged in.

Based on this cookie, the Loginapp can detect whether a user has already successfully logged in on the browser. If not, a corresponding event is published in the Loginapp.

The feature stores at most 10 users per browser.
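
The recognition logic described in this section, and the effect of changing the Key property described above, as an added Node.js sketch; it is not Airlock IAM's code or its actual cookie format. The function names, the JSON payload layout and the choice of AES-256-GCM for "encrypted and signed" are assumptions made for illustration.

```javascript
// Added illustration; not Airlock IAM's implementation or cookie format.
const crypto = require('node:crypto');

const MAX_USERS = 10; // the page states at most 10 users per browser

// Encrypt and authenticate the username list (assumed: AES-256-GCM, JSON payload).
function sealCookie(key, users) {
  const iv = crypto.randomBytes(12); // fresh nonce for every cookie
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(users), 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64url');
}

// Return the stored usernames, or [] when the cookie is missing, altered,
// or sealed under a different key. In all three cases the browser is unknown.
function openCookie(key, value) {
  try {
    const raw = Buffer.from(value || '', 'base64url');
    if (raw.length < 28) return []; // 12-byte IV + 16-byte tag is the minimum
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    const plain = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    const users = JSON.parse(plain.toString('utf8'));
    return Array.isArray(users) ? users : [];
  } catch {
    return []; // tag mismatch or malformed payload: treat as no cookie
  }
}

// Runs after successful authentication: decides whether the event should be
// published and returns the refreshed cookie value to set in the browser.
function loginStep(key, cookieValue, username) {
  const known = openCookie(key, cookieValue);
  const newDevice = !known.includes(username);
  // Most recent login first; the oldest entry drops out beyond MAX_USERS.
  const users = [username, ...known.filter((u) => u !== username)].slice(0, MAX_USERS);
  return { newDevice, cookie: sealCookie(key, users) };
}
```

A cookie that fails authentication is handled exactly like a missing one, which is why rotating the key produces one event per user and browser rather than an error.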