Authsignal secures millions of passkey transactions out of our hosted Sydney region.

Authsignal secures millions of passkey transactions out of our hosted Sydney region.

Join us today!

No-Code Rules Engine

Create rules and policies with no engineers.

Optimize your customer experience and manage risk with fine-grained control of your customer journeys with our powerful no-code rules engine.

Trusted by

What is an authentication rules and policy engine?

Authsignal's no-code rules and policy engine enables engineering and product teams to seamlessly balance customer experience and security. Leveraging conditional logic, trusted users enjoy good customers flows while bad actors are stopped in their tracks—all without writing a single line of code.

Build powerful rules with our ready-to-use data points.

We're always expanding our rule set—create a free account to see the growing list of rules in action.
IP/Network
IP country codes

Matches the IP address country code against a set of selected country codes.

IP is anonymous

Matches the IP address against a list of known anonymous exit codes, VPN, Tor, and Proxies.

Atypical travel

The IP address corresponds to a location outside the normal range of the user's previously verified location.

Impossible travel

The IP address corresponds to a location outside the normal range of the user's previously verified location, and the distance between the locations could not feasibly have been traveled within the time range by any commercial flight.

IP country code in OFAC list

The IP address belongs to a country code included in the OFAC list published by the US government.

IP address

The IP address associated with the tracked action.

IPv4 CIDR range

Match on CIDR range.

IPv4 is in whitelist

Matches the IP address against an IP address whitelist.

IP is unrecognized

Matches the IP address against a list of previously authorized IP addresses.

Device
Device is a bot

Detects if the device user agent is a known bot.

Device is new

A device is new if it has not been previously seen or authenticated.

Device count

The number of devices attributed to the user.

Last authenticated at

The time period at which a device was previously authenticated at.

Last verification method

The last verification method was previously used to authenticate.

User Agent
Operating system

The operating system of the device.

Browser engine

Browser engine being used.

Browser

Browser being used.

User
UserId

The ID of the user associated with the tracked action.

Email address

The email address of the user associated with the tracked action.

Phone number

The phone number (E.164) of the user associated with the action.

Enrolled authenticators

A list of the user’s enrolled authenticators.

The number of enrolled authenticators

The number of authenticators the user has enrolled.

Has previously verified

The user has previously completed at least 1 successful challenge.

Crypto
Wallet address

The wallet address sent in the track action call.

Asset code

The asset code for the crypto asset e.g. BTC/ETH.

Asset amount

The amount for the given transaction in the asset’s denomination.

Asset amount (USD)

The amount for the given transaction in US dollars.

Address is sanctioned

The boolean flag indicates whether the address is on a sanctions list (Chainalysis).

User ID Risk Score (Chainalysis)

The overall score of the User ID is LOW, MEDIUM, HIGH, or SEVERE from Chainalysis KYT.

Card Bin
Card issuer country code

Matches card issuer country code against a set of selected country codes.

Card issuer name

The name of the card issuer.

Card funding type

The funding type, Credit, Debit, Prepaid.

Card brand

The card scheme brand e.g. Visa, Mastercard.

Cross Action Context
Dynamically reference other tracked actions via window aggregations

Reference another action based on the count of occurrences (e.g. emailChanged in the last 1 hour).

Custom Metadata
Transaction metadata

Any available metadata at the point of transaction/action of types; String, Number or Boolean (e.g. transaction information amount, internal risk scoring).

User metadata

User level persistent metadata of types; String, Number or Boolean (e.g. CRM related data, customer group, customer attributes).

Build powerful rules with our ready-to-use data points.

Inject custom data

IP Geo/Country code
Geo-IP match.
IP Anonymous origination
Matches the IP address against a list of known anonymous exit codes, VPN, Tor, Proxies.
Atypical travel
The IP address corresponds to a location which is outside the normal range of the user's previously verified location.
Impossible travel
The IP address corresponds to a location which is outside the normal range of the user's previously verified location, and the distance between the locations could not feasibly have been traveled within the time range by any commercial flight.
IP country code is in OFAC list
The IP address belongs to a country code which is included in the OFAC list published by the US government.
IPv4 Address
String match on IPv4 address.
IPv4 CIDR Range
Match on CIDR range.

Device

Device is a bot
Detects if the device user-agent string is a known bot.
Device is new
Never before seen device that has not been previously authenticated.
Device count
The number of devices attributed to the user.
Device last authenticated at
The timestamp of which a device was last previously authenticated, creates rules to enforce challenges for previously authenticated devices based on a time period, i.e. 1 hour ago, 1 day ago etc.
Device user count
The number of users that have been associated with the device.
Is Jailbroken
Indicates if there’s a signal that the device is using a jailbroken OS.
Is using an emulator
Indicates if there’s a signal that the device is using an emulator.

User Agent

Operating System
The operating system of the device.
Browser Engine
Browser engine being used (e.g. Webkit etc).
Browser
Browser being used (Chrome, Safari).

Crypto

Wallet address
Wallet address (string match).
Asset code
Crypto asset code (e.g. ETH, BTC).
Asset amount
The amount for the given transaction in asset denomination.
Asset amount (USD)
The amount for the given transaction in US dollars.

User

User ID
The ID of the user associated with the tracked action.
Email Address
The email of the user associated with the tracked action.
Enrolled authenticators
Number of authenticators enrolled.
Type of enrolled authenticators
Type of Authsignal authenticators enrolled (e.g. SMS, TOTP, PASSKEY).
Has previously been verified
Has the user completed at least 1 successful challenge.

Cross Action context

Dynamically reference other tracked actions via window aggregations
Reference another action based on the count of occurrences (e.g. email changed in the last 1 hour).

Custom metadata

Transaction metadata
Any available metadata at the point of transaction / action of types:
• String
• Number
• Boolean
(e.g. transaction information amount, internal risk scoring).
User metadata
User level persistent metadata of types:
• String
• Number
• Boolean
(e.g. CRM related data, customer group, customer attributes).

Features

Ready to uplift your security? Connect with one of our experts.
Thank you! One of our team will be in touch.
Oops! Something went wrong while submitting the form.

Resources

How to Build a Secure Authentication Chain: Avoid Passkey Pitfalls and Enhance User Experience.
Learn how to build a secure authentication chain and avoid common passkey pitfalls. Discover key strategies to enhance security and user experience with passkeys and protect every stage of the authentication process.
Adaptive MFA for Auth0: Customize MFA UX to reduce consumer friction without upgrading your plan.
In this blog post, we will dive deeper into how you can fine-tune the MFA user experience with only some minor tweaks to your integration code.
Best Practices for Call Center Authentication & Fraud Prevention - Authsignal
Learn call center authentication best practices, including passive methods like FIDO2 passkeys and biometrics, to enhance security and prevent fraud.
View all articles