4.26 How to set up Image-Based Behavioral Identity Check (Image Note Assertion)

The feature introduces a simple, personalized challenge that verifies identity using user-specific choices made during registration.

Users select an image and provide a personal note during signup. During login, after entering their username, they must select the same image and re-enter the note. Access is granted only if both match the stored data.

This step adds a behavioral layer to authentication, enhancing security through personalized verification.

1. Configure the Image-Based Behavioral Identity Check

   1. Log in to the ZTrust Admin Console and select the realm you want to configure.

      

      Fig 4.26.a: List of realms under manage realm

      

      Fig 4.26.b: Welcome page of test realm
   2. Go to the Authentication section

      

      Fig 4.26.c: Navigating to authentication section in side bar
   3. Next, create a copy of the browser authentication flow and configure the Image Note Assertion step within it.

      

      Fig 4.26.d: Add execution to the browser flow
   4. It should be configured as shown below.

      

      Fig 4.26.e: Browser flow configuration
   5. Next, configure the flow for registration. Return to the Authentication section to proceed.

      

      Fig 4.26.f: Navigating to Authentication section in side bar
   6. Navigate to the Required action tab

      

      Fig 4.26.g: Navigating to Required actions
   7. Then enable the Image note assertion like below

      

      Fig 4.26.h: Turn on the Image Note Assertion Action
   8. Now configuration is completed. We will attempt to register and log in to the self-service portal.

2. Registration

   1. If a user does not exist in ZTrust, please register as a user by providing below details.

      

      Fig 4.26.i: Registration Page
   2. After filling in all the required fields, the user is directed to the next page where they must select an image and provide a prompt.

      

      Fig 4.46.j: Images with images with image identification field
   3. For example, the user selects an image, enters a note, and then submits the information.

      

      Fig 4.26.k: Image identification promt provided
   4. User successfully created in ZTrust.

3. Login

   1. The user created in ZTrust will now attempt to log in with the same user. After successful validation, they are redirected to the next page for personal note verification.

      

      Fig 4.26.l: Username form login page

      

      Fig 4.46.m: Images with images with image identification field
   2. If the personal note is incorrect, an error message will be displayed as shown below.

      

      Fig 4.26.n: Image identification prompt error
   3. If the correct image and corresponding prompt are selected, ZTrust grants access to the user

      

      Fig 4.26.o: Image identification prompt provided
   4. User successfully logged into to the SSP

      

      Fig 4.16.p: Self service portal