HYPR Adapt

HYPR Control Center Standard


Beta Feature

This article is subject to change as the feature develops and we make improvements.

HYPR integrates robust authentication with advanced risk analytics and real-time threat intelligence from the cooperative security ecosystem to safeguard against immediate and emerging threats. HYPR Adapt empowers organizations to proactively identify and mitigate identity-related risks, all while enhancing the user experience through personalized interactions.

How It Works

  1. In HYPR Control Center (CC), a HYPR Admin defines Risk Policies based on the results from the Risk Assessment. HYPR Adapt can also be administered via the HYPR API.
  2. Configure RP applications to use HYPR Adapt Settings.
  3. When users log in to the affected RP application too frequently, they will be blocked from authenticating for a specified length of time.

What Users Experience

When a user exceeds the Authentication Failure Threshold in the allotted timespan, they will be unable to login, except using exempt authenticators, if any, until the Response Duration has elapsed. The following message will appear until the account is unlocked.

The HYPR Passwordless authentication experience otherwise remains unchanged.

For detailed descriptions of the authentication process, see QR Login and Pairing with a Security Key: Authentication.

Administering HYPR Adapt

Controls for HYPR Adapt are found in the left navigation of Control Center Standard Mode. If no policies exist, The Add New Policy button, a welcome message, and some simple instructions are displayed.

Adding a New Risk Policy

Risk policies block further login attempts after a specified number of failures within a window of time.

  1. Click Add New Risk Policy. The Add New Risk Policy dialog opens.

  2. Type a Risk Policy Name, then click Create.

  3. HYPR Adapt returns to the main page, which lists all Risk Policies. Here you can Edit and Manage Risk Policies. A newly created policy, if expanded using the [+] symbol to its left, will show a message: "This policy is not assigned to any applications." To finish setting up a new policy, click the Policy Name entry.

Continue in the next section.

Editing a Risk Policy

Click the Policy Name link to edit the desired Risk Policy. The Policy Properties dialog opens.

To return to the HYPR Adapt main page, click Risk Policies at the top of the page.

  • Authentication Failure Threshold: Enter the number of failed authentication attempts allowed during the Authentication Attempt Time Window; the default is 5
  • Authentication Attempt Time Window: Use the field and drop-down to set the time period during which the Authentication Failure Threshold is tracked; the default is 10 Minutes
  • User Blocked Duration: Use the field and drop-down to set the time period during which the user's account is blocked or modified; the default is 30 Minutes
  • Exempt Authenticators: Choose authenticators that will still function once the Authentication Failure Threshold is reached:
    • HYPR Mobile App with QR Scan: HYPR Mobile App QR login will be allowed
    • FIDO2 Passkeys: FIDO2 security keys or platform authenticator keys will be allowed

Complete the Risk Policy Properties fields as desired, then click Save at the bottom of the page.

Managing Risk Policies

When one or more policies are defined, the HYPR Adapt main page displays the Add New Policy button, a search bar (Search Policies), and a list of created policies.

This list contains the following fields:

  • Policy ID: The unique identifier for the Risk Policy

  • Policy Name: The policy's name as assigned at creation. Click this link to open the Risk Policy Properties dialog

  • Access: Configurable or View Only; View Only Access is only visible via the HYPR Adapt API

  • Date Created: The date the policy was last updated

  • Actions: Hover over Options to activate a drop-down menu:

    • Edit Policy Name: Opens a the Rename Risk Policy dialog to change the policy's name; when finished, click Submit to save your changes, then clear the confirmation message

    • Delete Policy: Offers a confirmation dialog which, if confirmed by clicking Delete, removes the Risk Policy

Signals Interval

In Control Center Advanced Mode: Workstation Settings, set the interval (in seconds) that HYPR polls for signal data. The default is 3600 seconds, or 1 hour.

Remember to scroll to the bottom of Workstation Settings and click Save when finished.

Assign Risk Policy

Policy assignment occurs in CC Advanced Mode Login Settings. One or more RP application Risk Policies may be assigned to an RP application on the Login Settings page.

Click Assign Risk Policy to open the assignment dialog.

  • Risk Policy: Use the drop-down menu to select a policy to govern this application's behavior
  • Evaluation Point: Choose the point in the authentication flow where the policy will be applied. Options include the following:
    • Web Pre-Auth: Just before web authentication
    • HYPR Mobile Pre-Auth: Just before HYPR Mobile App authentication
    • FIDO2 Passkey Pre-Auth: Just before FIDO2 Passkey authentication
    • Web Post-Auth: Just after web authentication
    • HYPR Mobile Post-Auth: Just after HYPR Mobile App authentication
    • FIDO2 Passkey Post-Auth: Just after FIDO2 Passkey authentication
    • Pre-HYPR Integration: Just before the affected HYPR Integration's authentication
    • Post-HYPR Integration: Just after the affected HYPR Integration's authentication
  • Adapt Unavailable Fallback: Choose behavior for when Adapt is not available to verify the policy. Options include the following:
    • Standard Workflow: Proceed normally, with no change to the authentication flow
    • Block Authentication: Block the user from authenticating for the User Blocked Duration defined for the applied policy
    • QR Scan Only: Allow only HYPR Mobile App QR authentication

Click Save when finished. The Login Settings page now lists applied policies under HYPR Adapt Settings.

While a policy is associated with an RP Application, the HYPR Adapt main page's enumerated policy list will show affected RP Applications when the [+] next to the Risk Policy is expanded.

Unassign Risk Policy

Policy unassignment occurs in CC Advanced Mode Login Settings.

Click Remove at right and confirm removal in the resulting dialog to dissociate a policy from the currently selected RP Application.