RiskMinder Web Services Developer's Guide › Understanding RiskMinder Workflows › Enrollment Workflows › Implicit Enrollment

Implicit Enrollment

In the case of implicit enrollment, you do not need to call RiskMinder’s createUserRequest message explicitly from your application’s code to create a user in the RiskMinder database. Instead, when RiskMinder generates the ALERT advice for an "unknown user", it automatically calls the operation to enroll the user.

For this enrollment to work, it is important that you first set the value of User Enrollment Mode field in the Miscellaneous Configurations page of Administration Console to Implicit.

The steps for the implicit enrollment workflow are:

1. User logs in to your online application.

   Your system validates if the user exists in the system. If the user name is not valid, then your application must take appropriate action.

2. Your application collects information required by RiskMinder.

   Your application collects the following information from the user’s system that will be used by RiskMinder for analyzing the risk:

   • User system information that includes operating system, platform, browser information (such as browser language, HTTP header information), locale, and screen settings. Your application uses RiskMinder's Utility Script called riskminder-client.js to collect this information.
   • Device information that includes Device ID, which is stored on the end user's device.
   • Location information that includes the IP address and Internet Service Provider related information.
   • (Optionally, if you are using additional information) Additional Inputs that are specific to custom rules or the channel selected.
3. Your application calls RiskMinder’s evaluateRisk operation.

   Your application must call the evaluateRisk operation in RiskFortEvaluateRiskSvc. In this call, you must pass all the user and device information that you collected in Step 2 to RiskMinder.

4. RiskMinder performs risk analysis for the user.

   In this case, because the user is not yet "known" to the RiskMinder system, the default ALERT advice is generated.

5. RiskMinder creates the user in the database.

   For every ALERT advice that is generated, RiskMinder automatically uses the createUserRequest message in the ArcotUserRegistrySvc Web service to create the user record in the RiskMinder database. With this, the user is enrolled with RiskMinder.

   Book: See "Managing Users and Accounts" in the CA RiskMinder Web Services Developer’s Guide for detailed information about the createUserRequest message.

6. Your application calls RiskMinder’s evaluateRisk operation again.

   Your application must call the evaluateRisk operation in RiskFortEvaluateRiskSvc. In this call, you must ensure that you pass all the user and device information that you collected in Step 2 to RiskMinder.

7. RiskMinder performs risk analysis for the user.

   In this case, RiskMinder executes the rules and generates the risk score and the advice.

8. Your application stores the Device ID on the end-user’s system.

   After the user has been created, your application must store the Device ID returned by evaluateRisk as a cookie on the device that the end user is using for the current transaction.

The following figure illustrates the implicit enrollment workflow when RiskMinder automatically creates the user.

Implicit Enrollment Workflow