Creating an external risk webhook

Edit online

Configure the 3rd party Risk configuration for each external webhook.

About this task

Performs extra access policy checks with an external information point.

Procedure

  1. Navigate to Integrations > Real-time webhooks.
  2. Click Create webhook.
  3. Select External Risk for the purpose.
  4. Click Next.
  5. Provide a name for the webhook.
    You can also specify an owner and email contact information.
  6. Specify one or more request URLs for the API.
  7. Select the type of authentication.
    Basic
    Specify the username and password.
    Header
    Specify the header name and authentication secret. If the secret is case-sensitive, select the Sensitive checkbox.
    None
    No authentication information is needed.
    OAuth
    Specify the token endpoint, select whether the client secret is post or basic, enter the client ID and secret.
    Note: Client post indicates that the secret is stored as an attribute. Client basic indicates that the secret is stored in the header.
  8. Optional: Enter any custom headers and values.
  9. Click Create.
    Your webhook is displayed.
  10. On the Configuration tab, you can take the following actions.
    1. Enable or disable the provider.
    2. View the version of the API that you are using.
      The field is read only.
    3. Choose the attributes that are sent to the identity provider for risk assessment.
      The attributes are grouped by context.
      • User
      • Session
      • Adaptive
      • Policy
    4. Specify the attributes that are returned by the provider in the response.
    5. Edit the Resource transforms.
  11. On the Connection details tab, you can take the following actions.
    1. Change the name of the webhook.
    2. Change the owner contact information.
    3. Change your API hostname URL or add more URLs.
    4. Change the authentication type.
    5. Add custom headers.
  12. From the side navigation, you can take the following actions.
    1. Test your webhook connection and payload.
    2. View the health status of the webhook.
    3. Delete the webhook.
    4. View the details of the webhook.
  13. When you are finished, click Save changes.
  14. Click Real-time webhooks to return to the Real-time webhooks page.