Reporting User Suspicious Activity

When an authenticator is blocked due to a user-reported suspicious activity (unauthorized authentication attempts such as push notification fatigue attacks), you can reset the flag counter by unblocking (automatic or manual) the authenticator.

The blocked authenticator is unblocked automatically or manually based on the configured settings for the HID approve SDK App. For configuring the settings, refer to Suspicious Activity and Blocked Authenticator Handling.

For automatic unblocking, the blocked authenticator is automatically reset after the defined time period (cool-down period) configured in the configuration settings of the HID approve SDK App.

Note: The default cool-down period is 15 minutes. However, you can change the default cool-down period based on the requirement.

To manually unblock the authenticators, follow the steps below:

  1. Sign in to Administration portal.

  2. Click Users in the left navigation bar to open the Users page.

  3. Choose a user from the user list to manually unblock the authenticator flagged for suspicious activity.

  4. In the user account page, you can see an authenticator status donut or doughnut chart of suspicious activity reported with UNBLOCK button.

  5. Click UNBLOCK button, then Unblock Authenticator confirmation dialog box appears.

    Once click OK, then the authenticator is unblocked and now user can able to authenticate the Self Service Portal.

    Important: When unblocking and resetting the suspicious activity authenticator, any existing failure counts (Authentication Failures and/or Challenge Threshold Exceeded) will only be reset for authenticators that have reached the threshold values, not for all the existing failure counts.

    Note: The audit record log and user activity summary should reflect the user-reported suspicious activity, including details such as when an authenticator is blocked or unblocked and the actions performed.