
Detect Fraud Before It Happens—Powered by Risk Signals

Beyond IP or location checks, Keymate now assesses user behavior, device fingerprints, bot patterns, and session context in real time to generate actionable risk scores that shape authentication and authorization decisions dynamically.

Context-Aware Risk Evaluation with Behavioral and Device Intelligence

Risk Score as a First-Class IAM Signal

Keymate continuously gathers and evaluates real-time signals to form a dynamic risk score that informs token issuance and access control decisions.

Real-Time Signal Evaluation

These signals are evaluated within Keymate's Risk Engine, scored, and made available to FGAC policies, token enrichment, and observability pipelines. This provides an adaptive IAM layer—informed, contextual, and real-time.

Example: The Keymate Risk Engine aggregates multiple signals into a unified risk score.

Key Components:

Behavioral signals (click velocity, navigation flow, idle patterns)
Device fingerprints (browser fingerprinting, mobile identifiers)
Bot detection (timing patterns, headless browsers, script-based interaction)
Environmental context (IP geolocation, VPN/proxy usage)
Temporal anomalies (midnight logins, sudden timezone shifts)
Historical correlation (first-time login, unusual behavior vs. baselines)

What Makes It Unique

Behavioral Anomaly Detection

Analyze user flow deviations to flag suspicious behavior

Device Fingerprinting

Identify trusted vs. unknown devices across sessions

Bot & Automation Detection

Detect scripted or non-human behavior patterns

Session Risk Scoring Engine

Aggregate real-time signals into actionable risk levels

Risk-Aware Token Policies

Adjust token TTL, scopes, or prompts based on dynamic risk

Policy DSL Risk Hooks

Use token.risk.score, session.device.trust, etc. in rules

RADAC Integration

Combines low-level IP/time checks with high-level risk models

Audit & Forensics Integration

See risk sources and breakdowns in observability dashboards

Frequently Asked Questions

No. This extends RADAC with more advanced risk signals and contextual scoring.
It can be both. Default risk levels use weighted rules; optionally, models can be trained on usage data.
Only high-risk sessions are challenged with step-up MFA, CAPTCHA, or denial. Most users experience no difference.
Device fingerprints are hashed, session-bound, and not tied to PII. No tracking across sites.

How to Use This Feature

Follow these steps to enable Advanced Risk Signals & Adaptive Authentication.

Implementation Steps

1. Enable Risk Engine module from Admin Console
2. Configure signal collectors (browser SDK, proxy header extraction, device JS agent)
3. Define thresholds and mappings from risk scores to actions (e.g., MFA, deny, notify)
4. Use DSL rules like token.risk.level == "low" in access control policies
5. Monitor anomalous sessions, blocked logins, and score distributions in the observability panel
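
The sketch below illustrates steps 3 and 4 with the weighted-rule approach mentioned in the FAQ. It is an added example, not Keymate's code or API. The signal names, weights, thresholds, TTLs and output shape are assumptions; the `risk.score` and `risk.level` keys only mirror the DSL names quoted above.

```python
# Added illustration: weighted-rule session risk scoring. Not Keymate code.
# Signal names, weights, thresholds, TTLs and the output shape are assumptions.

# Each collector reports a value in [0, 1]; weights are percentages summing to 100.
WEIGHTS = {"behavior": 25, "device": 20, "bot": 25,
           "environment": 10, "temporal": 10, "history": 10}

# A collector that reported nothing is scored as uncertain rather than clean,
# so a session with no collector data at all does not come out as "low".
MISSING = 0.5

# (inclusive upper bound, level, action, token TTL in seconds)
POLICY = [(30, "low", "allow", 3600),
          (60, "medium", "notify", 900),
          (80, "high", "mfa", 300),
          (100, "critical", "deny", 0)]


def score_session(signals):
    """Return (score 0-100, per-signal contributions) for one session."""
    breakdown = {}
    for name, weight in WEIGHTS.items():
        value = signals.get(name, MISSING)
        if not isinstance(value, (int, float)) or not 0 <= value <= 1:
            raise ValueError(f"signal {name!r} must be in [0, 1], got {value!r}")
        breakdown[name] = weight * value
    return round(sum(breakdown.values())), breakdown


def decide(signals):
    """Map a session's signals to a level, an action and a token lifetime."""
    score, breakdown = score_session(signals)
    for upper, level, action, ttl in POLICY:
        if score <= upper:
            return {"risk": {"score": score, "level": level},
                    "action": action, "token_ttl": ttl,
                    "breakdown": breakdown}  # kept for audit and dashboards


if __name__ == "__main__":
    # Constructed sample: unknown device, VPN exit node, first-time login.
    sample = {"behavior": 0.0, "device": 1.0, "bot": 0.0,
              "environment": 1.0, "temporal": 0.0, "history": 1.0}
    print(decide(sample))
```

The per-signal breakdown is returned alongside the decision so that a challenged or denied login can be explained later from the audit trail.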
