
Setting up two-factor authentication using behavioral biometrics with Neomia Pulse

This article describes how to configure and activate Neomia Pulse, an artificial intelligence-based MFA.
It identifies users by how they type on their keyboard and requires no additional device.

Prerequisites

On cyberelements.io, three prerequisites must be met for Neomia Pulse MFA to work:

  1. Subscribe to the Neomia Pulse option for cyberelements.io
  2. Use user authentication domains of type local or LDAP, as Neomia Pulse cannot be used with domains of type anonymous or SAML on cyberelements.io
  3. Apply another type of MFA (OTP, TOTP, or Radius) on the same domain

On cyberelements Cleanroom, four prerequisites must be met for Neomia Pulse MFA to work:

  1. Retrieve your Neomia Pulse API key for cyberelements Cleanroom
  2. Open TCP 443 access between the Mediation Controllers and api.neomia.ai
  3. Use user authentication domains of type local or LDAP, as Neomia Pulse cannot be used with domains of type anonymous or SAML on cyberelements Cleanroom
  4. Apply another type of MFA (OTP, TOTP, or Radius) on the same domain

Neomia Pulse MFA settings and activation

To enable Neomia Pulse MFA on cyberelements.io, edit the identity provider of your choice and enable the Enable Neomia Pulse authentication option.

Information

If you do not have the Neomia Pulse option, a window appears that lets you notify the cyberelements teams that you want to enable the option.

Once the Neomia Pulse option is enabled in your environment, the Enable Neomia Pulse authentication option in the identity provider no longer generates a pop-up.

  1. Enable at least one authentication token on the authentication domain

  2. Enable the Enable Neomia Pulse authentication option

  3. Specify the number of behavioral identification attempts the user is allowed; 0 means an infinite number of attempts

  4. Configure how authentication works:

    1. Ignore OTP token: if Neomia Pulse MFA validates the user, no other MFA will be requested
    2. Strengthen the authentication with an additional factor: if Neomia Pulse MFA validates the user, they will still have to validate one of the MFAs configured in step 1
  5. Configure how authentication works if Neomia Pulse fails to validate the user:

    1. Block the user: the user's account is immediately blocked on cyberelements.io
    2. Require an additional authentication factor: the user can still log in to cyberelements.io if they validate one of the MFAs configured in step 1
  6. Choose whether or not to display graphical components when analyzing keystrokes (after entering words):

    (Screenshots: with graphical components; without graphical components)
  7. Choose whether or not to display authentication factors and their validity for authentication on the user portal (information visible at the top left of the user portal):

    (Screenshots: with authentication factors; without authentication factors. Cases shown: Neomia Pulse validation with additional MFA still to be validated; Neomia Pulse invalidation with additional MFA validated; Neomia Pulse validation alone.)

To enable Neomia Pulse MFA on cyberelements Cleanroom, you must edit the authentication domain and:

  1. Enable at least one authentication token on the authentication domain

  2. Enable the Enable Neomia Pulse authentication option

  3. Set the URL for connecting to the Neomia Pulse API, which can be found in the Neomia Pulse Dashboard in Management > Services. The default value is https://api.neomia.ai/pulse

  4. Define the URL for connecting to the Neomia Pulse authentication API, which can be found in the Neomia Pulse Dashboard in Management > Services. The default value is https://api.neomia.ai/pulse-auth

  5. Enter your API key, which can be found in the Neomia Pulse Dashboard in Management > Services.

  6. Specify the number of behavioral identification attempts the user is allowed; 0 means an infinite number of attempts

  7. Configure how authentication works:

    1. Ignore OTP token: if Neomia Pulse MFA validates the user, no other MFA will be requested
    2. Strengthen the authentication with an additional factor: if Neomia Pulse MFA validates the user, they will still have to validate one of the MFAs configured in step 1
  8. Configure how authentication works if Neomia Pulse fails to validate the user:

    1. Block the user: the user's account is immediately blocked on cyberelements Cleanroom
    2. Require an additional authentication factor: the user can still log in to cyberelements Cleanroom if they validate one of the MFAs configured in step 1
  9. Choose whether or not to display graphical components when analyzing keystrokes (after entering words):

    (Screenshots: with graphical components; without graphical components)
  10. Choose whether or not to display authentication factors and their validity for authentication on the user portal (information visible at the top left of the user portal):

    (Screenshots: with authentication factors; without authentication factors. Cases shown: Neomia Pulse validation with additional MFA still to be validated; Neomia Pulse invalidation with additional MFA validated; Neomia Pulse validation alone.)
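The Cleanroom settings above can be modelled to check which outbound endpoints the Mediation Controllers need and what each policy combination does at login. This is an added example, not cyberelements or Neomia code; the setting names and the "denied" outcome for a failed second factor are assumptions.

```python
from urllib.parse import urlsplit

# Hypothetical setting names; the product's real field names are not on this page.
SAMPLE_DOMAIN = {  # constructed sample using the documented default URLs
    "pulse_api_url": "https://api.neomia.ai/pulse",
    "pulse_auth_api_url": "https://api.neomia.ai/pulse-auth",
    "max_attempts": 0,                  # 0 = infinite attempts
    "on_success": "ignore_otp",         # or "additional_factor"
    "on_failure": "additional_factor",  # or "block"
}

def required_egress(cfg):
    """Return the (host, port) pairs the Mediation Controllers must reach."""
    endpoints = set()
    for key in ("pulse_api_url", "pulse_auth_api_url"):
        parts = urlsplit(cfg[key])
        if parts.scheme != "https":
            raise ValueError(f"{key} must use https: {cfg[key]}")
        endpoints.add((parts.hostname, parts.port or 443))
    return sorted(endpoints)

def login_outcome(cfg, pulse_valid, second_factor_valid):
    """Outcome of one login: 'granted', 'denied' or 'blocked'."""
    if pulse_valid:
        if cfg["on_success"] == "ignore_otp":
            return "granted"  # no other MFA is requested
        return "granted" if second_factor_valid else "denied"
    if cfg["on_failure"] == "block":
        return "blocked"      # account is blocked immediately
    return "granted" if second_factor_valid else "denied"

def review(cfg):
    """List points an administrator may want to double-check."""
    notes = []
    if required_egress(cfg) != [("api.neomia.ai", 443)]:
        notes.append("API URLs differ from the firewall rule for api.neomia.ai:443")
    if cfg["on_success"] == "ignore_otp":
        notes.append("a validated typing pattern replaces the second factor")
        if cfg["max_attempts"] == 0:
            notes.append("behavioral attempts are unlimited (0)")
    return notes

if __name__ == "__main__":
    print(required_egress(SAMPLE_DOMAIN))
    print(review(SAMPLE_DOMAIN))
```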

More information

More information about Neomia Pulse is available on its documentation website: Neomia Pulse Documentation