ThreatMetrix Integration Kit

ThreatMetrix IdP Adapter settings reference

The following are setting descriptions for the ThreatMetrix IdP Adapter.

Standard fields
Field Description

Org ID

The org ID that you noted in Configuring ThreatMetrix.

This field is blank by default.

API Key

The API key that you noted in Configuring ThreatMetrix.

This field is blank by default.

Policy Name

The name of the policy to use when requesting a review status.

The default value is default.

ThreatMetrix Base URL

The ThreatMetrix API URL.

If ThreatMetrix changes this URL, enter the new URL.

The default value is https://h-api.online-metrix.net.

Device Profiling

Determines whether the adapter creates a new ThreatMetrix session ID or receives one from another source.

Your selection depends on which device profiling method you set up.

Create new device profile

Select this option if you used one of the basic device profiling methods.

  • The ThreatMetrix IdP Adapter creates a new ThreatMetrix session ID.

  • In authentication API mode, the adapter provides a session ID to your web app.

  • Otherwise, the adapter shows the built-in device profiling page that runs the device profiling script.

Use existing ThreatMetrix session ID

Select this option if you used one of the enhanced device profiling methods.

  • In authentication API mode, the adapter looks for a session ID provided in response to the SESSION_ID_REQUIRED.

  • Otherwise, the adapter looks for a session ID provided in an HTTP cookie.

The default value is Create new device profile.

Device Profiling Script Source

Applies only with the Built-in (basic) device profiling method.

Determines the script used to create the device profile.

The ThreatMetrix SDK script runs locally, and the ThreatMetrix Web script fetches the latest device profiling script from ThreatMetrix each time. Learn more in Introduction to Profiling (requires sign-on) in the ThreatMetrix documentation.

The default value is ThreatMetrix Web.
Advanced fields
Field Description

Device Profiling Domain

Applies when Device Profiling is set to Create new device profile.

The domain used for device profiling.

If you requested a custom device profiling domain in Configuring ThreatMetrix, enter it here.

The default value is h.online-metrix.net.

Device Profiling Timeout

Applies when Device Profiling is set to Create new device profile.

The amount of time in milliseconds that PingFederate waits for the device profiling script to collect device details.

The minimum value is 3000. The default value is 5000.

Cookie Name

Applies only when Device Profiling is set to Use existing ThreatMetrix session ID.

The name of the cookie that contains the device profile.

If you customized the name for the cookie in the optional Integrating device profiling - Web app (enhanced) steps, enter the same name in this field.

The default value is tmxSessionID.

Service Type

Determines the attributes and sign-on event data that ThreatMetrix provides in the response. Learn more in the service_type parameter in Session Query Parameters (requires sign-on) in the ThreatMetrix documentation.

The default value is session-policy.

Failure Mode

When ThreatMetrix is unavailable or an error occurs, this setting determines the default review status.

To allow users to continue to sign on by satisfying stricter authentication requirements, select review.

Setting this field to pass isn’t recommended outside a test environment.

Unknown Session Mode

When ThreatMetrix returns an unknown session, this setting determines the review status used.

Setting this field to pass isn’t recommended outside a test environment.

Session Query API Endpoint

The ThreatMetrix Session Query API endpoint.

If ThreatMetrix changes this endpoint, enter the new endpoint.

The default value is /api/session-query.

Update API Endpoint

The ThreatMetrix Update API endpoint.

If ThreatMetrix changes this endpoint, enter the new endpoint.

The default value is /api/update.

Update API Enabled

After a user with a review status moves through the PingFederate authentication policy, the adapter informs ThreatMetrix whether authentication succeeded. This helps improve future risk assessments.

If your authentication policy doesn’t require users with a review status to pass any other authentication challenges, clear this checkbox to skip the update step.

This checkbox is selected by default.

API Request Timeout

The amount of time in milliseconds that PingFederate allows when establishing a connection with ThreatMetrix or waiting for a response to a request. A value of 0 disables the timeout.

The default value is 2000.

Proxy Settings

Defines proxy settings for outbound HTTP requests.

The default value is System Defaults.

Custom Proxy Host

The proxy server host name to use when Proxy Settings is set to Custom.

This field is blank by default.

Custom Proxy Port

The proxy server port to use when Proxy Settings is set to Custom.

This field is blank by default.