Credentials Intelligence: Enforcer Integration Guidelines

This section details all the required features that should be configured in the Enforcer (server-side integration) for Credential Intelligence to work.

Supported Enforcer Types
Required Configurations

Supported Enforcer Types

Apache - C Module
AWS Lambda Edge
Cloudflare Worker
Fastly
GO
Java
NGINX - C Module
NGINX - LUA Module
Node.JS Express
PHP

Required Configurations

Step 1: Enable the Credential Extraction Flag

This is a boolean flag on the enforcer configuration to enable the product.
Click here to review an example for Cloudflare configuration.

Step 2: Configure the Credential Extraction Paths

This is an array of extraction configurations that detail which requests have credentials on them and how to extract the credentials from these request. Click here to review an example for Cloudflare configuration.

Note: It may be necessary to configure sensitive routes to include all login paths for older enforcer versions.
Click here to review an example for Cloudflare configuration.

Step 3: Configure the Method to Retrieve the Response Status (Fail/Pass)

This is a series of configurations that determine how to report whether the login request was successful or not on the additional_s2s activity.
Click here to review an example for Cloudflare configuration.

Step 4: Configure Multi-Step Logins if Applicable

This step is required only for multi-step authentication methods. Only in cases where usernames and passwords are sent in separate HTTP requests, the px_credentials_intelligence_version configuration value should be set to multistep_sso.

Note: Multiple authentication methods and paths are supported, even if some are multi-step and some are not.
Click here to review an example for Cloudflare configuration.


Did this page help you?