The Trusted Device Service may store a trust relationship between a device and a specific user.
Users typically employ a small handful of devices to log in (a cell phone, a work laptop, and a home computer). By identifying these devices for specific users, the customer may reduce friction at login using policies to only challenge users with a device not already known and trusted.
Example:
You created a policy to Challenge a login coming from an end user with a device not previously trusted for that end user. Jane signs in using her new cell phone. Because this cell phone is not trusted for her, the response from the Kount Login Event API is Challenge.
You ask Jane to perform a step-up authentication (asking her to input a code sent to her from a text message). She succeeds, and is able to sign in to her account. You then send an update to Kount to trust this device for Jane. Kount stores this trust relationship so the next time Jane signs in with this device, she would not be asked for step-up authentication.
There are several purpose-built endpoints available with the Trusted Device Service.
- Create Trusted Device Record: Used after an end user has met a step-up challenge and you would like to store the trust state of the device for that user.
- Update Trusted Device Record: Used to alter the trust state between a device and an end user. Options include trusted or banned. Typically, this is to ensure that a specific end user cannot sign in using a specific device.
- Read Trust States: Options to review information for all users connected to a device, all devices connected to an end user, or the trust state for a specific user/device pair. May be used to identify an end user before the end user has signed in to the site. Can also be used to allow typically used to display a list of trusted devices specific to the end user.
- Delete Trusted Device Record: Used to delete the record of a relationship between an end user’s ID and a device. Typically used when there is a limited number of devices that can be used for a specific account and the end user wants to replace one device for a new one.