Enabling User History

  1. Click Policies > Risk-based Policies > User History.

  2. Select Enable User History to save the user session details in the database.

  3. Under History Settings, you can specify the number of days of history to consider during the rule execution or select the option to consider all historical records.

    For example, if you specify 10, it indicates that the details of last 10 days must be considered during the rule execution. If you do not specify the number of days, all historical records are considered for the execution.

    This setting is not applicable for device fingerprinting. When the Device Fingerprint Rule is configured, the rule evaluates all registered devices as configured in the Device Fingerprint rule irrespective of whether this setting is configured for a specific duration or for all records.

    For example:

    1. Configure a Device Fingerprint Rule to store up to 10 fingerprints.

    2. Under User History, specify to consider only four days during the rule execution.

    3. The rule evaluates all records for ten registered devices instead of considering records for the last four days.

  4. (Conditional) If you choose to save session details in an external database, select External Database.

    1. Specify the name to identify the driver.

    2. Select the Database Driver. The driver path and dialect are displayed. You can change the driver and dialect details if required.

    3. Specify the Username and Password to access the database.

    4. Specify the URL to access the database.

      NOTE:To configure MySQL as the database, ensure that the database URL is specified as mysql://db_user:db_user@localhost/netiq_risk?autoReconnect=true.

    For information about configuring an external databases, see Configuring an External Database to Store User History.

    IMPORTANT:It is strongly recommended to not use the H2 database in a production environment. You can use it for the testing purpose. It works only on a single node Identity Server cluster.

    Earlier versions of Access Manager have eDirectory as the built-in data store. If you have used the built-in data store earlier, the data will become irrelevant after you upgrade to Access Manager 5.0.

    For information about configuring this database, see Configuring File-based H2 Database.