Detecting “Impossible Travel” with your Gluu Server and Deduce

How can a user log in from London, and one hour later, log in from Sydney? Not even Virgin Galactic can get you there that fast (when it’s available)! But if we are using an IP address to determine the user’s location, and the person is using a VPN, this type of impossible travel is actually quite common. So in order to detect “impossible travel”, you need to be able to detect if a VPN is in use.

The Gluu community has been asking for this capability for some time. We’ve been on the lookout for an easily deployable solution. And finally, we’ve found one: Deduce Identity Insights. Using the Deduce API, you can gather actionable data in relation to a user’s digital activity to enable smarter, more accurate security decisions. Impossible travel is actually just one example of how organizations can implement interesting authorization workflows based on the rich amount of data returned from their service.

Calling the API from the Gluu Server

We have published a sample Person Authentication Interception script to demonstrate how to put the Deduce API to work. This interception script leverages Gluu’s passwordless authentication flow. An overview is as follows:

  • Prompt for username
  • Call the Deduce API to detect impossible travel
  • If impossible travel is detected, lock the account and advise the end user to contact an administrator to unlock.
  • If impossible travel is not detected, query the Gluu database to see what 2FA credentials are available for this user, and proceed as normal

Of course, this is just an example of one possible workflow. If you were using passwords, another option might be to prompt the user for a second authentication factor if you detect impossible travel. Or perhaps you might want to trigger an internal alert, while allowing the user to continue browsing. Gluu is quite flexible, enabling you to implement any workflow you can imagine.
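The decision logic behind the workflow and the alternatives above, as an added example (it is not the published Gluu interception script and does not call the Deduce API). The event fields, the 1000 km/h threshold, the 50 km noise floor and the choice to step up rather than lock when a VPN is involved are assumptions made for illustration.

```python
import math
from datetime import datetime, timedelta

MAX_SPEED_KMH = 1000.0  # assumption: roughly airliner cruise speed
NOISE_KM = 50.0         # assumption: geo-IP error inside one metro area

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlat, dlon = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def evaluate_login(prev, curr):
    """Return (decision, implied speed in km/h) for curr given the prior login."""
    if prev is None:
        return "proceed", 0.0  # first login seen: nothing to compare against
    dist = haversine_km(prev["lat"], prev["lon"], curr["lat"], curr["lon"])
    if dist < NOISE_KM:
        return "proceed", 0.0
    hours = (curr["time"] - prev["time"]).total_seconds() / 3600.0
    speed = dist / hours if hours > 0 else float("inf")
    if speed <= MAX_SPEED_KMH:
        return "proceed", speed
    if prev["vpn"] or curr["vpn"]:
        # IP location is unreliable behind a VPN: ask for a second factor
        return "step_up", speed
    return "lock", speed  # the page's workflow: lock and refer to an administrator

def event(time, lat, lon, vpn=False):
    return {"time": time, "lat": lat, "lon": lon, "vpn": vpn}

# Constructed sample logins (not real data)
T0 = datetime(2021, 3, 1, 9, 0)
LONDON = event(T0, 51.5074, -0.1278)
SYDNEY_1H = event(T0 + timedelta(hours=1), -33.8688, 151.2093)
SYDNEY_1H_VPN = event(T0 + timedelta(hours=1), -33.8688, 151.2093, vpn=True)
PARIS_3H = event(T0 + timedelta(hours=3), 48.8566, 2.3522)

if __name__ == "__main__":
    for name, curr in [("Sydney +1h", SYDNEY_1H), ("Sydney +1h via VPN", SYDNEY_1H_VPN),
                       ("Paris +3h", PARIS_3H)]:
        decision, speed = evaluate_login(LONDON, curr)
        print(f"{name}: {decision} ({speed:.0f} km/h)")
```

In an interception script, the `vpn` flag and coordinates would come from whatever risk service you query, and the previous login would be read from the user's stored session history.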

Deduce is the only identity fraud detection solution at scale that uses Activity, Device, Geography and Network information to determine the trustworthiness of a user profile. As a result, Deduce has some other interesting data that you can use to make your authentication and authorization workflows smarter. For example, is this a suspicious network for the user? Is it a suspicious time of day for the user? Is this user on a Tor network? Is this an older version of a device we haven’t seen in a while? Or is this a new device? You can factor all of this data (and more) into your security model to build an adaptive user experience. Ideally we only want to bother the end user when we detect risk. Deduce helps us do this without requiring organizations to build their own data collection and analytic stack.

About Gluu

Gluu is the industry leader in open source identity and access management. Implementing open standards like SAML, OAuth and OpenID Connect, the Gluu platform ensures maximum interoperability without vendor lock-in. Open source infrastructure software is leading the industry in innovation and reducing the total cost of ownership. Gluu offers freedom to use the software to implement the exact business logic you need for your customers and employees.

About Deduce

Deduce’s patented technology prevents unauthorized account access, data leakage, and identity fraud. Powered by a comprehensive consumer data network of over 150,000 websites, 400 million+ U.S. verified identity profiles and over a billion daily authenticated user events, we enable any business to harness the collective power of identity-based threat intelligence.