Patent attributes
A computer-implemented method for enhancing security controls of a web application is described. The method includes, in response to a user device's request to access the web application during a current user session, collecting, by a server system, authentication data of a user of the user device from an identity provider; authenticating, by the server system, an identity of the user based on the collected authentication data; generating, for the user session, a user risk profile that characterizes a level of risk that the user's identity will be compromised; after the user risk profile has been generated for the current user session, authorizing the user device to access the web application; detecting that the user is attempting a particular action on the web application; in response to the detection of the particular action, determining whether a step-up authentication is required based on the user risk profile generated for the current user session; in response to a determination that a step-up authentication is required, dynamically selecting, based on the generated user risk profile, a step-up authentication method for re-authenticating the user's identity; and providing one or more security requests defined by the selected step-up authentication method to the user device.
