RiskOS™ Dashboard Setup

Set up Login and Authentication in the RiskOS™ Dashboard

Before you start

Make sure you have the following:

How it works

Login and Authentication evaluates login attempts using a layered approach that combines device intelligence, identity risk signals, and step-up authentication when required.

At a high level, the workflow:

• Evaluates device and session risk
• Screens identifiers against allow/deny and alert lists
• Assesses phone and email risk
• Detects SIM swap activity
• Applies step-up authentication when risk thresholds are exceeded
• Returns a final decision with reason codes and audit trails

Final outcomes include:

• Approve
• Manual Review
• Decline

How Login and Authentication fits into a workflow

In RiskOS™, workflows are built by connecting reusable components. Login and Authentication is delivered as a preconfigured use-case workflow composed of enrichments, scorecards, conditions, and decisions.

Once triggered, the workflow orchestrates all checks and returns a single decision outcome.

For more detail on workflow components, see Workflow Steps.

Execution flow in RiskOS™

Login and Authentication runs synchronously, with conditional asynchronous step-ups (for example, One-Time Passcode or Document Verification) applied only when risk warrants additional verification.

1. Data collection

   Collect Digital Intelligence (DI) session token, phone number and/or email as the minimal input needed to begin the flow.

2. API call to RiskOS™

   RiskOS™ receives the input data and triggers the Account Takeover workflow to retrieve and enrich identity information.

3. Digital Intelligence (DI) scoring

   Device signals, Behavioral signals and Entity Profiler are evaluated using a configurable, weighted scorecard to evaluate device risk.

4. Allow/Deny lists

   Email, phone, IP address and device are cross-checked against Allow/Deny lists configured in RiskOS™.

5. Alert List check

   Phone and/or email are checked if associated with fraud on the Alert List.

6. Verify phone and/or email

   If phone and/or email are provided, they are evaluated for risk using Phone Risk and Email Risk respectively.

7. SIM Swap check

   If phone is provided, it is evaluated for SIM Swap.

8. Conditional One-Time Passcode/Document Verification

   Based on configured thresholds, RiskOS™ may require step-up authentication such as One-Time Passcode (OTP) or Document Verification (DocV).

9. Final decision

   RiskOS™ applies decisioning logic (Approve, Manual Review, or Decline) to complete the Account Takeover workflow.

Workflow components used by Login and Authentication

Configure Login and Authentication

Enable required enrichments

Your Socure account team provisions a standard Account Takeover workflow with the following entitlements:

• Digital Intelligence
• Alert List
• Phone Risk
• Email Risk
• SIM Swap
• One-Time Passcode
• Document Verification

Configure Allow / Deny lists

Configure allowlists and denylists for:

• Email addresses
• Phone numbers
• IP addresses
• Devices

These lists are evaluated early in the workflow.

Configure inputs and routing

Typical configuration steps include:

• Digital Intelligence scorecard

  • Assign positive or negative weights to risk signals.
  • Use the aggregated score to determine when to decline or step up.

• Reject conditions

  • Reject when identifiers appear on deny lists.
  • Reject when phone or email risk is high and SIM swap checks fail.

• Step-up triggers

  • Configure OTP or DocV when risk thresholds are exceeded or signals conflict.

You can start from the account_takeover_v1_06042025 workflow template to accelerate setup.

If you’re unsure how to tune thresholds or routing, reach out to support with context about your use case.

Save and publish

Once your workflow is configured, publish it to go live.

Most customers start with a Socure-provided best-practice workflow and iterate over time.

Workflow testing checklist