Previous Topic: Configuring Trusted IP AddressesNext Topic: Uploading List Data

CA Risk Authentication Administration GuideManaging Global ConfigurationsManaging Global Rule ConfigurationsUploading Rule List DataConfiguring Trusted Aggregators

Configuring Trusted Aggregators

Aggregators are third-party vendors who provide account aggregation services by collating login information of users across multiple enterprises. The originating IP addresses when users log in from a protected portal versus when they come in through such aggregators are different. Many enterprises use the services of these account and data aggregation service providers to expand their online reach.

Transactions originating from (or routed through) aggregators "trusted" to the organization are considered low-risk. For this purpose, CA Risk Authentication provides the ability to configure a list of these aggregators so that all transactions originating from the aggregators’ IP addresses are assigned a low Score, and the ALLOW Advice.

CA Risk Authentication uniquely identifies an aggregator by combining their IP address range and a unique Aggregator ID. This Aggregator ID must also be sent to CA Risk Authentication along with the transaction.

CA Risk Authentication also enables you to specify up to three unique IDs for each aggregator at any time. This allows for the periodical rotation of the ID for the purpose of enhanced security. During this rotation, CA Risk Authentication continues to recognize the previous ID in addition to the new ID to allow updates to the aggregator at a later time.

Use the Manage List Data and Category Mappings page to perform the following tasks related to trusted aggregators:

Adding a Trusted Aggregator

To add a trusted aggregator, perform the following tasks:

  1. Ensure that you are logged in as a GA.
  2. Activate the Organizations tab.
  3. Under Manage Organizations, click the Search Organization link.
  4. Click the Search button on the Search Organization page to display the list of organizations.
  5. Under Select Organizations to Modify, click the link with the organization’s name to which you want to apply the rule.
  6. Click the CA Risk Authentication Configuration tab.
  7. Under the Rules Management section on the side-bar menu, click the Manage List Data and Category Mappings link.

    The Manage List Data and Category Mappings page is displayed.

  8. From the Select Existing Ruleset list, select the ruleset that for which this configuration is applicable.

    The ruleset configuration information is displayed.

  9. Select the Manage List Data option.
  10. From the Select List Type list, select Trusted Aggregator Lists.
  11. From the Select List drop-down list, select the list identifier that you specified while creating the corresponding list.
  12. Specify the name of the new aggregator in the Add New Aggregator field and click Create.

    The updated Trusted Aggregator Configuration page appears.

  13. Select the Aggregator that you want to configure from the drop-down list.
  14. Enter the starting IP Address in the IP Address field.
  15. Select one of the following options:
  16. Click Add Range to add this IP address or range to the database.

    The Trusted IP List table with the range that you just added for the aggregator appears at the end of the page.

    The changes are not yet active and are not available to your end users.

  17. To make the changes active, you must migrate them to production.

    See "Migrating to Production" for instructions to do so.

Updating a Trusted Aggregator

CA Risk Authentication enables you to update the Aggregator IDs. The periodic update of these IDs is referred to as rotation of Aggregator IDs.

Important! Periodic rotation or change of the Aggregator IDs is recommended for security purposes. You can decide this rotation duration according to your business rules.

After an ID is updated, you must ensure that the latest Aggregator ID is conveyed to the aggregator. There might be a delay in propagating the Aggregator IDs. In this duration, CA Risk Authentication recognizes the old, as well as the new Aggregator ID associated with the IP address.

Note: The transactions originating from the aggregator-end must contain this aggregator ID in the form specified by CA Risk Authentication APIs.

To update an aggregator ID:

  1. Complete Step 1 through Step 11 in "Adding a Trusted Aggregator" to display the Trusted Aggregator Configuration information.
  2. Select an existing aggregator from the Aggregator list.

    The Trusted Aggregator Configuration information with the Aggregator ID(s) for the selected aggregator appears.

  3. Click Update Aggregator ID to generate a new Aggregator ID.

    The updated Aggregator ID(s) for the aggregator appears, and the next empty Aggregator ID is displayed.

  4. In the Trusted IP List table, select the aggregator IP addresses or ranges you want to update.
  5. Make the required changes and click Update.

    The changes are not yet active and are not available to your end users.

  6. To make the changes active, you must migrate them to production.

    See "Migrating to Production" for instructions to do so.

Deleting a Trusted Aggregator

To delete a trusted aggregator, perform the following tasks:

  1. Complete Step 1 through Step 11 in "Adding a Trusted Aggregator" to display the Trusted Aggregator Configuration information.
  2. Select an existing aggregator from the Aggregator list.

    The Trusted Aggregator Configuration information appears.

  3. In the Trusted IP List table, select the aggregator IP addresses or ranges you want to delete.
  4. Click Delete to delete the selected information.

    The changes are not yet active and are not available to your end users.

  5. To make the changes active, you must migrate them to production.

    See "Migrating to Production" for instructions to do so.