Skip to main content

Security

Security is a fundamental aspect of identity and access management. LoginRadius offers robust security features to protect customer identities, prevent unauthorized access, and ensure compliance with privacy regulations. This document covers key security mechanisms, including user attack protection, password management, multi-factor authentication (MFA), session management, risk-based authentication, consent and access management, and role-based permissions.

Common Business Use Cases

  • Preventing Fraudulent Access: Blocks unauthorized logins with brute force protection and bot detection.
  • Protecting Sensitive Data: Enforces strong password policies and secure hashing to safeguard user credentials.
  • Ensuring Secure Authentication: Implements MFA to prevent account takeovers and unauthorized access.
  • Managing User Sessions: Controls session duration, automatic timeouts, and concurrent login restrictions.
  • Maintaining Compliance: Ensures adherence to regulatory requirements with consent management and role-based access control.

Customer Security

LoginRadius provides multiple security solutions to protect user accounts, prevent fraud, and enhance platform security. These measures include fraud prevention, password management, multi-factor authentication, risk-based authentication, and more. Below is an overview of key security mechanisms.

User Attack Protection

User Attack Protection is a security framework designed to protect user accounts from unauthorized access attempts, including brute force attacks, bot intrusions, and compromised credentials breaches. Integrating multiple security features strengthens authentication processes and reduces the risk of malicious activities.

  • Brute Force Protection: Restricts account access after repeated failed login or incorrect token/OTP attempts.
  • Breached Password Protection: Prevents users from using known compromised passwords.
  • Bot Protection: Implements CAPTCHA challenges to prevent automated attacks.
  • Domain Access Management (IP Access Restriction): Allows only specified IP addresses to make authentication requests.

Refer to the User Attack Protection Documentation for comprehensive details on configuring session settings.

Password Management

Password management is critical to securing user accounts and preventing unauthorized access. Organizations can mitigate security risks associated with weak or compromised credentials by enforcing robust password policies. The LoginRadius Admin Console provides administrators with a suite of password management features, enabling them to define password rules, enforce security standards, and ensure compliance with best practices.

This document outlines key aspects of password management, including password expiration, password history, and password complexity. It also highlights default password policies, compliance checks, and password visibility settings to help organizations maintain strong security hygiene.

Password Management Features

  • Password Expiration: Ensures users update their passwords periodically to minimize security risks.
  • Password History: Prevents users from reusing previous passwords to maintain stronger security.
  • Password Complexity: Enforces strong password creation by applying validation rules.

For detailed configuration steps and customization options, navigate to the Password Management Documentation

Multi-Factor Authentication (MFA)

Multi-factor authentication (MFA) enhances security by requiring users to verify their identity through multiple authentication factors. It provides an additional layer of protection against unauthorized access, ensuring the account remains secure even if one authentication factor is compromised.

MFA Authentication Methods

LoginRadius supports the following MFA methods:

  • SMS OTP: A one-time passcode is sent via SMS for verification.
  • Time-Based OTP: Users generate an OTP through an authenticator app.
  • Email OTP: A verification code is sent via email.
  • Security Questions: Users answer predefined questions for authentication.
  • Push Notification: A push request is sent for approval.
  • Passkey: Uses public-private key cryptography for phishing-resistant authentication.
  • Backup Codes: Users generate backup codes for emergency access.
  • Duo Authentication: Supports push notifications, SMS, and hardware tokens for MFA.

Please refer to the MFA Documentation in the LoginRadius Admin Console for detailed configuration steps.

Step-Up Authentication

Step-up authentication requires users to re-authenticate when performing sensitive actions, such as changing passwords or accessing critical data. This ensures that even if a user session is active, additional verification is required for high-risk operations.

For detailed configuration steps, navigate to the Step-Up Authentication Documentation.

Session Management

Session Management is crucial in securing user sessions by defining duration, managing token lifetimes, and mitigating risks like session hijacking. It balances user convenience and security by allowing organizations to enforce policies that regulate session behavior and expiration.

Administrators can configure session settings to determine how long a user remains authenticated before requiring re-authentication. This helps reduce unauthorized access risks while maintaining a seamless user experience.

Use Cases:

  • Enforcing session timeouts for inactive users to prevent unauthorized access.
  • Setting up automatic session expiration for highly sensitive environments.
  • Implementing token refresh policies to balance security and usability.

Refer to the Session Management Documentation for comprehensive details on configuring session settings.

Risk-based/Adaptive Authentication

Risk-Based Authentication (RBA) enhances security by assessing user behavior and enforcing additional verification measures when unusual activities are detected. It dynamically evaluates risk factors such as location, device, IP address, and browser history to determine if further authentication is necessary.

By leveraging RBA, organizations can strengthen account security while maintaining a frictionless user experience for legitimate access attempts. When a login attempt appears suspicious, predefined security responses—such as multi-factor authentication (MFA) prompts, alerts, or access restrictions—are triggered to mitigate potential threats.

For detailed configuration steps, navigate to the Risk-based/Adaptive Authentication Documentation.

As global regulations tighten around data protection, managing user consent and privacy settings has become essential for businesses. LoginRadius provides comprehensive tools to manage user consent, privacy policies, and access controls efficiently.

Consent Management enables businesses to obtain, manage, and store customer consent at various stages, such as registration, login, or throughout their lifecycle. This functionality ensures compliance with global data protection regulations, including GDPR and CCPA, while giving customers transparency and control over their data.

Use Cases:

  • A company collecting user consent for marketing emails during sign-up.
  • Allowing users to revoke previously granted consents via a self-service portal.
  • Ensuring compliance with regional data protection laws by recording consent timestamps.

For detailed configuration steps, refer to the Consent Management Configuration Guide.

Privacy Policy Management

Privacy Policy Versioning allows businesses to track changes in their privacy policies, ensuring that customers acknowledge and accept the latest versions. This feature supports compliance with legal requirements and provides a structured approach to managing policy updates.

Use Cases:

  • Notifying users of updated privacy policies and requiring re-acceptance before continuing.
  • Maintaining a history of past privacy policy versions for audit purposes.
  • Automatically enforcing updated policies based on user segments.

For detailed configuration steps, refer to the Privacy Policy Management Configuration Guide

Roles and Permissions

Roles and Permissions allow businesses to control access levels within their applications. Companies can enforce security measures and ensure appropriate access to system functionalities by assigning user roles and defining specific permissions.

Use Cases:

  • Restricting access to sensitive data based on user roles.
  • Allowing administrators to manage user permissions dynamically.
  • Implementing context-based permissions for specific actions within an application.

For detailed configuration steps, refer to the Roles and Permissions Configuration Guide

Best Practices

  • Enable MFA to add an extra layer of security and protect against unauthorized access.
  • Implement Strong Password Policies to prevent weak or compromised passwords.
  • Use Risk-Based Authentication to detect suspicious behavior and trigger additional verification.
  • Enforce Secure Session Management to limit session duration and prevent hijacking.