- Service Overview
- Billing
- Getting Started
-
User Guide
- Before You Start
- Buying an Instance
- Instance Management
-
Enterprise Administrator Guide
- Logging In to the OneAccess Administrator Portal
- User Management
-
Resources
- Overview
-
Applications
- Adding an Application
- Enabling, Disabling, or Deleting an Application
- General Information
- Authentication Integration
- Synchronization Integration
- Login Configuration
- Access Control
- Object Models
- Authorization Management
- API Permission Management
- Application Permission Management
- Security Settings
- Audit Logs
- APIs
- Authentication
- Security
- Audit
- Settings
- Common User Guide
- Key Operations Recorded by CTS
-
Best Practices
- OneAccess Best Practices
- Identity Source Integration
-
Application Integration
-
Logging In to the Huawei Cloud Through User Portal
- Introduction
- Logging In to Single Huawei Cloud Account via OneAccess Without Password (SAML - Virtual User SSO)
- Logging In to Multiple Huawei Cloud Accounts via OneAccess Without Password (SAML - Virtual User SSO)
- Logging In to Single Huawei Cloud Account via OneAccess Without Password (SAML - IAM User SSO)
- Logging In to Multiple Huawei Cloud Accounts via OneAccess Without Password (SAML - IAM User SSO)
- Logging In to Huawei Cloud via OneAccess Without Password (OIDC)
- SSO Access to Applications Through SAML
- SSO Access to Applications Through OAuth 2.0
- SSO Access to Applications Through OIDC
- SSO Access to Applications Through CAS
- SSO Access to Applications Through Plug-in Autocompletion
-
Logging In to the Huawei Cloud Through User Portal
- Data Synchronization
- Authentication Provider Integration
- Authorizing IAM Users to Access a OneAccess Instance Administrator Portal
- API Usage
- Configuring MFA for User Login
- Developer Guide
-
API Reference
- Before You Start
- API Overview
-
OneAccess APIs
-
Management APIs
- Calling APIs
- Access Credentials
-
User Management
- Creating a User
- Modifying a User
- Deleting a User
- Enabling a User
- Disabling a User
- Changing a User Password
- Verifying and Modifying the Original User Password
- Querying User Details by User ID
- Querying User Details by Username
- Querying the User List
- Authorizing an Application Account
- Querying All Authorized Application Accounts of a User
- Organization Management
- Application Organization Management
- Application Account Management
- Application Role Management
- User APIs
- Application Integration APIs
-
Management APIs
- Appendix
- FAQs
- General Reference
Copied.
Managing Risky Behaviors
OneAccess can detect abnormal account behavior. After the function is enabled, the system detects abnormal user behavior based on the preset behavior rules. When a risk is triggered, the system sends an alarm in real time.
There are four types of risks:
- Abnormal IP address: The login IP address of the account is inconsistent with the common IP address.
- Abnormal location: The login location of an account is inconsistent with the common location.
- Abnormal device: The login device (browser or terminal device) is inconsistent with the common device.
- Account lockout: The number of incorrect password attempts exceeds the threshold set in the password policy, the account will be locked.
When the configured behavior triggers a risk, the system sends a risk notification through email, SMS, or DingTalk.
Adding a Behavior
- Log in to the administrator portal.
- On the top navigation bar, choose Security > Risk Behavior Manage.
- On the risky behavior management page, click Add operation, and set parameters.
Table 1 Behavior parameters Parameter
Description
* Behavior name
Name of a risky behavior.
* Risk type
Risk event type. The options include Error location, Error device, Error IP, and Account Locked.
Location type
Abnormal location range. You can define abnormal location events based on the selected location type.
NOTE:
This parameter is available only when location type is set to Error location.
* Frequency settings
Set a default value for the IP addresses, devices, and locations that are frequently used for login. If the default values are not used, abnormal behaviors are displayed in the risk events and risk dashboard.
NOTE:
When risk type is set to Account Locked, this parameter is not available. If the number of incorrect password attempts exceeds the threshold specified in the password policy, the account is locked, the behavior is marked as a risk event, and is displayed in the risk events and risk dashboard.
Description
Description of the added behavior.
- Click OK. The behavior is added. The added risky behavior is displayed in the risky behavior list. You can filter the risky behavior by risk type.
Editing a Behavior
- Log in to the administrator portal.
- On the top navigation bar, choose Security > Risk Behavior Manage.
- Click Modify in the Operation column of the target behavior to modify its configuration.
- Click OK.
Deleting a Behavior
- Log in to the administrator portal.
- On the top navigation bar, choose Security > Risk Behavior Manage.
- Click Delete in the Operation column of the target behavior.
- Click OK.
Disabling a Risky Behavior
- Log in to the administrator portal.
- On the top navigation bar, choose Security > Risk Behavior Manage.
- In the Status column of the target behavior, click
.
- Click OK.
Enabling a Risky Behavior
After a risky behavior is enabled, the system detects abnormal user behavior based on the preset behavior rules. When a risk is triggered, the system sends an alarm in real time.
- Log in to the administrator portal.
- On the top navigation bar, choose Security > Risk Behavior Manage.
- In the Status column of the target behavior, click
.
- Click OK.
Setting Notifications
When the configured behavior triggers a risk, the system sends a risk notification based on your setting.
- On the risky behavior management page, click Notify setting.
- In the displayed dialog box, set the notification method and objective.
Table 2 Notification parameters Parameter
Description
* Notification method
Way in which the system sends a notification when a risk behavior is triggered.
Notifications can be sent through email, SMS, or DingTalk. If you select email or DingTalk, set the gateway by referring to Email Gateway and DingTalk Gateway.
* Send objective
Object to which the system sends a notification when a risk behavior is triggered. By default, notifications are sent to all users. You can also exclude specified users.
- Click OK.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot