Contact salesSign inSign up

Authsignal secures millions of passkey transactions out of our hosted Sydney region.

Authsignal secures millions of passkey transactions out of our hosted Sydney region.

Join us today!

No-Code Rules Engine

Create rules and policies with no engineers.

Optimize your customer experience and manage risk with fine-grained control of your customer journeys with our powerful no-code rules engine.

Start building rules
No-code Rules Engine: Fine-Grain Control for Risk & CX - Authsignal

Trusted by

What is an authentication rules and policy engine?

Authsignal's no-code rules and policy engine enables engineering and product teams to seamlessly balance customer experience and security. Leveraging conditional logic, trusted users enjoy good customers flows while bad actors are stopped in their tracks—all without writing a single line of code.

IP/NetworkDevice
User AgentUserCryptoCard Bin
Cross Action ContextCustom Metadata

Build powerful rules with our ready-to-use data points.

IP/Network
IP country code
Matches the IP address country code against a set of selected country codes.
IP is anonymous
Matches the IP address against a list of known anonymous exit codes, VPN, Tor, and Proxies.
Atypical travel
The IP address corresponds to a location outside the normal range of the user's previously verified location.
Impossible travel
The IP address corresponds to a location outside the normal range of the user's previously verified location, and the distance between the locations could not feasibly have been traveled within the time range by any commercial flight.
IP country code is in the OFAC list
The IP address belongs to a country code included in the OFAC list published by the US government.
IP address
The IP address associated with the tracked action.
IPv4 CIDR Range
Match on CIDR range.
IPv4 is in whitelist
Matches the IP address against an IP address whitelist.
IP is unrecognized
Matches the IP address against a list of previously authorized IP addresses.
Device
Device is a bot
Detects if the device user agent is a known bot.
Device is new
A device is new if it has not been previously seen or authenticated.
Device count
The number of devices attributed to the user.
Last authenticated at
The time period at which a device was previously authenticated at.
Is jailbroken
Indicates if there’s a signal that the device is using a jailbroken OS.
Is using an emulator
Indicates if there’s a signal that the device is using an emulator.
User Agent
Operating system
The operating system of the device.
Browser engine
Browser engine being used.
Browser
Browser being used.
User
UserId
The ID of the user associated with the tracked action.
Email address
The email address of the user associated with the tracked action.
Phone number
The phone number (E.164) of the user associated with the action.
Enrolled authenticators
A list of the user’s enrolled authenticators.
The number of enrolled authenticators
The number of authenticators the user has enrolled.
Has previously verified
The user has previously completed at least 1 successful challenge.
Crypto
Wallet address
The wallet address sent in the track action call.
Asset code
The asset code for the crypto asset e.g. BTC/ETH.
Asset amount
The amount for the given transaction in the asset’s denomination.
Asset amount (USD)
The amount for the given transaction in US dollars.
Address is sanctioned
The boolean flag indicates whether the address is on a sanctions list (Chainalysis).
User ID Risk Score (Chainalysis)
The overall score of the User ID is LOW, MEDIUM, HIGH, or SEVERE from Chainalysis KYT.
Card Bin
Card issuer country code
Matches card issuer country code against a set of selected country codes.
Card issuer name
The name of the card issuer.
Card funding type
The funding type, Credit, Debit, Prepaid.
Card brand
The card scheme brand e.g. Visa, Mastercard.
Cross Action Context
Dynamically reference other tracked actions via window aggregations
Reference another action based on the count of occurrences (e.g. emailChanged in the last 1 hour).
Custom Metadata
Transaction metadata
Any available metadata at the point of transaction/action of types:
• String
• Number
• Boolean
(e.g. transaction information amount, internal risk scoring).
User metadata
User level persistent metadata of types:
• String
• Number
• Boolean
(e.g. CRM related data, customer group, customer attributes).
Add custom metadata

Build powerful rules with our ready-to-use data points.

Inject custom dataDeviceUser AgentCryptoUserCross Action contextCustom metadata

Inject custom data

IP Geo/Country code
Geo-IP match.
IP Anonymous origination
Matches the IP address against a list of known anonymous exit codes, VPN, Tor, Proxies.
Atypical travel
The IP address corresponds to a location which is outside the normal range of the user's previously verified location.
Impossible travel
The IP address corresponds to a location which is outside the normal range of the user's previously verified location, and the distance between the locations could not feasibly have been traveled within the time range by any commercial flight.
IP country code is in OFAC list
The IP address belongs to a country code which is included in the OFAC list published by the US government.
IPv4 Address
String match on IPv4 address.
IPv4 CIDR Range
Match on CIDR range.

Device

Device is a bot
Detects if the device user-agent string is a known bot.
Device is new
Never before seen device that has not been previously authenticated.
Device count
The number of devices attributed to the user.
Device last authenticated at
The timestamp of which a device was last previously authenticated, creates rules to enforce challenges for previously authenticated devices based on a time period, i.e. 1 hour ago, 1 day ago etc.
Device user count
The number of users that have been associated with the device.
Is Jailbroken
Indicates if there’s a signal that the device is using a jailbroken OS.
Is using an emulator
Indicates if there’s a signal that the device is using an emulator.

User Agent

Operating System
The operating system of the device.
Browser Engine
Browser engine being used (e.g. Webkit etc).
Browser
Browser being used (Chrome, Safari).

Crypto

Wallet address
Wallet address (string match).
Asset code
Crypto asset code (e.g. ETH, BTC).
Asset amount
The amount for the given transaction in asset denomination.
Asset amount (USD)
The amount for the given transaction in US dollars.

User

User ID
The ID of the user associated with the tracked action.
Email Address
The email of the user associated with the tracked action.
Enrolled authenticators
Number of authenticators enrolled.
Type of enrolled authenticators
Type of Authsignal authenticators enrolled (e.g. SMS, TOTP, PASSKEY).
Has previously been verified
Has the user completed at least 1 successful challenge.

Cross Action context

Dynamically reference other tracked actions via window aggregations
Reference another action based on the count of occurrences (e.g. email changed in the last 1 hour).

Custom metadata

Transaction metadata
Any available metadata at the point of transaction / action of types:
• String
• Number
• Boolean
(e.g. transaction information amount, internal risk scoring).
User metadata
User level persistent metadata of types:
• String
• Number
• Boolean
(e.g. CRM related data, customer group, customer attributes).

Features

Passwordless

Learn more

User Observability

Learn more

Ready to uplift your security? Connect with one of our experts.
Thank you! One of our team will be in touch.
Oops! Something went wrong while submitting the form.

Resources

How to Build a Secure Authentication Chain: Avoid Passkey Pitfalls and Enhance User Experience.
October 26, 2024
Learn how to build a secure authentication chain and avoid common passkey pitfalls. Discover key strategies to enhance security and user experience with passkeys and protect every stage of the authentication process.
Authentication Chain
No-code rules engine
Passkeys
Passwordless authentication
Adaptive MFA for Auth0: Customize MFA UX to reduce consumer friction without upgrading your plan.
October 1, 2024
In this blog post, we will dive deeper into how you can fine-tune the MFA user experience with only some minor tweaks to your integration code.
Guides
Auth0 integration
Risk based authentication
Flexible multi-factor authentication
Best Practices for Call Center Authentication & Fraud Prevention - Authsignal
October 16, 2024
Learn call center authentication best practices, including passive methods like FIDO2 passkeys and biometrics, to enhance security and prevent fraud.
Call center authentication
FIDO2
Account takeover
Deep fakes
View all articles

Authsignal is multi-factor authentication (passwordless authentication) as a service. Focused on powering mid-market and enterprise businesses to rapidly deploy optimized good customer flows that enable a flexible and risk-based approach to authentication.

AICPA SOC
LinkedInTwitter
Passwordless / Multi-factor Authentication (MFA)
Pre-built UI (Low code)UI Components (Customizable)Custom UI (Flexible)
Why Authsignal?
Drop-in Authentication
PasskeysBiometric AuthenticationWhatsApp OTPSMS OTPEmail OTPMagic LinksAuthenticator Apps (TOTP)Push NotificationsPalm Biometrics
Rules and Policies Engine
User Observability
Industries
Financial Services
Marketplace
FinTech
Crypto
View all Industries
Use Cases
Account Takeovers (ATO)
Go Passwordless
SMS Cost Optimization
Compliance
Existing Apps
View all Use Cases
Identity Providers (IDPs)
AWS Cognito
Auth0
Azure AD B2C
Duende IdentityServer
Keycloak
NextAuth.js
Integrations
C#
Node.js
Open ID Connect (OIDC)
PHP
Python
React
Ruby
Ruby on Rails
Supabase
Compare
Twilio vs AuthsignalAuth0 vs Authsignal
Resources
BlogDeveloper DocsSolutions MarketplaceKnowledge BaseFree Figma Mobile Passkeys TemplateFree Figma Desktop Passkeys TemplateFree Figma WebApp Passkeys TemplatePress ReleasesAboutContact
What is
Passwordless Authentication
What is MFA (Multi-Factor Authentication)?
United States
+1 214 974-4877
Ireland
+353 12 676529
Australia
+61 387 715 810
New Zealand
+64 275 491 983
© 2024 Authsignal - All Rights Reserved
Terms of servicePrivacy policySecuritySystem statusCookies