Why This Matters Now

Sophisticated credential-stuffing bots are increasingly targeting login endpoints, even those protected by robust perimeter defenses like Akamai. While Akamai’s advanced bot detection algorithms flag malicious activities at the edge, these signals often go unnoticed once the requests reach the identity layer, such as Auth0. This gap can lead to successful identity attacks despite having strong perimeter protection.

The recent surge in credential stuffing and automated attacks has made it critical to bridge this gap. Integrating Akamai’s risk signals directly into Auth0 Actions allows organizations to make informed security decisions based on comprehensive risk assessments.

Bridging the Gap with Supplemental Signals in Actions

Akamai’s integration with Auth0 Actions, now generally available, transforms passive risk signals into actionable events. By leveraging Akamai’s telemetry from products like Account Protector and Bot Manager, developers can implement sophisticated security measures directly within Auth0.

How It Works

When a request passes through Akamai, it attaches risk signals to the request headers. These signals include information such as user risk scores and bot scores. Auth0 Actions can then read these signals and take appropriate actions, such as enforcing multi-factor authentication (MFA) or blocking user registrations.

Example: Enforcing MFA Based on User Risk Score

Here’s a practical example of how to enforce MFA when Akamai’s Account Protector detects a high-risk user:

// First Action to require MFA
exports.onExecutePostLogin = async (event, api) => {
    const userRiskHeader = event.authentication?.riskAssessment?.supplemental?.akamai?.akamaiUserRisk;
    // Trigger MFA if Akamai Account Protector signals high risk
    if (userRiskHeader?.score && userRiskHeader?.score >= 90) {
        console.log(`Setting app metadata for session id: ${event.session?.id}`);
        api.user.setAppMetadata(`mfa_required_${event.session?.id}`, true);
    }
    if (userRiskHeader?.score && userRiskHeader?.score >= 90 || event.user.app_metadata[`mfa_required_${event.session?.id}`]) {
        console.log(`Requiring MFA FOR Session id: ${event.session?.id}`);
        api.multifactor.enable('any', { allowRememberBrowser: false });
    }
};

// Second Action to clean up metadata
exports.onExecutePostLogin = async (event, api) => {
    const mfaMethod = event.authentication?.methods.find((method) => {
        return method.name === 'mfa';
    });
    if (mfaMethod) {
        console.log(`Removing MFA requirement for session id: ${event.session?.id}`);
        api.user.setAppMetadata(`mfa_required_${event.session?.id}`, undefined);
    }
};

Example: Mitigating Signup Attacks Based on Bot Score

Another use case is to prevent automated registrations by checking Akamai’s Bot Manager scores:

exports.onExecutePreUserRegistration = async (event, api) => {
    const akamaiBot = event.authentication?.riskAssessment?.supplemental?.akamai?.akamaiBot;
    // Deny registration if Bot Manager results indicate a high bot score
    if (akamaiBot?.botScore && akamaiBot.botScore >= 90) {
        return api.access.deny(
            "automated_registration_detected",
            "Registration is currently unavailable. Please ensure you are using a supported browser."
        );
    }
};

Benefits of Integration

  • Enhanced Security: Leverage Akamai’s advanced risk detection capabilities within Auth0.
  • Contextual Decisions: Make informed security decisions based on the full context of the network journey.
  • Active Defense: Turn passive risk signals into proactive security measures.

Identity Orchestration

By integrating Akamai signals into Auth0 Actions, organizations can perform identity orchestration. This means making precise, user-aware security decisions that adapt to the risk level of each request. For instance, you can enforce MFA for high-risk users while allowing low-risk users to log in seamlessly.

Key Points

  • User Awareness: Actions can read user-specific risk scores and tailor responses accordingly.
  • Scalability: Easily scale security measures across your entire user base.
  • Flexibility: Implement custom logic to handle different risk scenarios.

Real-World Impact

Imagine a scenario where a sophisticated bot attempts to register multiple accounts on your platform. Without integration, these bots might succeed, leading to account takeovers and potential fraud. However, with Akamai signals integrated into Auth0 Actions, you can automatically deny these registrations based on high bot scores, effectively stopping the attack before it happens.

Case Study

A large e-commerce company recently experienced a significant increase in automated registration attempts. By integrating Akamai’s risk signals into Auth0 Actions, they were able to block over 95% of these attempts, significantly reducing the risk of account takeovers and fraud.

🎯 Key Takeaways

  • Integrate Akamai risk signals into Auth0 Actions to enhance security.
  • Enforce MFA for high-risk users and block automated registrations.
  • Leverage contextual risk information for informed security decisions.

Best Practices

  • Monitor Signals: Regularly review the risk signals being sent from Akamai to ensure they align with your security policies.
  • Test Configurations: Thoroughly test your Actions configurations in a staging environment before deploying to production.
  • Stay Updated: Keep abreast of updates and improvements to both Akamai and Auth0 to maximize the effectiveness of your integration.

Conclusion

Integrating Akamai’s risk signals into Auth0 Actions is a powerful way to enhance your identity security strategy. By bridging the gap between edge protection and identity management, you can make informed, data-driven security decisions that protect your users and your business.

💜 Pro Tip: Start by integrating MFA enforcement for high-risk users and gradually expand to other security measures.

Connect your Akamai signals to Auth0 today and start making smarter, data-driven security decisions.