Radar
Radar enhances AuthKit with powerful security features to protect your application from abuse, fraud, and attacks. It automatically detects authentication patterns that indicate malicious or suspicious behavior and includes six built-in preventions that can be enabled with a single click.
Why did we build Radar?
All SaaS applications need authentication—basic sign-up and sign-in capabilities to identify users and secure their accounts. But selling to enterprises introduces a lot more complexity than just authentication. You need to support user deprovisioning so IT admins can immediately revoke access for specific users when necessary. Authorization also becomes a challenge if you need a permissions system that is more granular and flexible than RBAC.
While this type of growth presents its own challenges, it can also mean that your existing authentication setup becomes a target for bad actors. They range from opportunistic users, such as individuals trying to abuse a free trial tier by signing up for multiple accounts under different pseudonyms, to actual criminals who are probing your application for weaknesses and testing your users' accounts with compromised credentials.
These are the scenarios where basic username/password auth falls short of providing the protection that modern SaaS apps require. Even techniques like CAPTCHAs have been rendered ineffective at stopping coordinated account takeover schemes. And with AI agents becoming more capable every day, the need for intelligent and adaptable defense against bad behavior has never been greater.
What is Radar?
Radar builds on top of AuthKit’s user management and hosted forms to collect signals on the behavior of users as they sign in to your SaaS app. These signals feed into an engine that is looking for abusive or anomalous behavior. When Radar detects a suspicious authentication attempt, it can block or challenge that attempt based on the settings you configure.
Radar leverages proprietary device fingerprinting based on over 20 characteristics to identify which device is being used to authenticate with AuthKit. Just like a person’s fingerprint, this is used by Radar to differentiate between legitimate users and others who are attempting attacks or fraud.
Radar also tracks every authentication attempt to uncover sign-ins that are suspicious or simply impossible. It alerts you in real time when this is happening, allowing your admins to intervene and warn your users that their accounts might be compromised.
How does Radar work?
Since Radar is directly integrated into AuthKit, it analyzes every authentication attempt to detect patterns that may indicate undesirable or malicious activity. It groups these patterns into “detections,” allowing the system to block or prompt additional verification for any authentication attempt that matches a suspicious pattern.
Out of the box, Radar ships with the following preventions:
- Bot detection
- You might expect that humans are the ones who are signing in to use your app, but there are actually a lot of bots on the Internet!
- Or you might want certain kinds of bots to be able to sign in, such as AI agents that are operating on your users’ behalf.
- Radar can determine that an authentication is coming from a bot and allow or deny that attempt, even if the credentials are correct.
- Brute force and credential stuffing
- These are attacks where a bad actor tries to sign in to your app using a list of credentials leaked from other breaches. Millions to billions of email/password pairs have been shared across the Internet. Since it is common for people to reuse passwords across multiple websites, it’s possible that some of those pairs are valid credentials for your app. However, to find out which pairs work, the bad actor must run through many authentication attempts.
- Radar notices when a single client or device repeatedly signs in to your app and blocks these attempts for a short period of time.
- Impossible travel
- The physical world has constraints on how fast things can move around. Would you expect that your users can travel faster than the speed of light? Neither does Radar. By tracking device geolocation, Radar can block or alert when subsequent authentication requests are spread around the globe.
- While this may not be caused by someone breaking the laws of physics, it could very well indicate that users are using a VPN to mask their true identity or are sharing accounts. No matter the cause, Radar can flag this behavior and leave it up to you how you want to proceed.
- Unrecognized device
- Corporate users typically have a single company-issued computer that they use for all of their SaaS apps.
- And even personal users have a limited number of computers that they use daily.
- So what happens when a device that Radar has never seen before attempts to log in? Maybe that user got a new laptop, or maybe someone else found their password, but in both cases, Radar will alert the user and their administrator in case additional actions are necessary.
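To make the brute force and impossible travel detections above concrete, here is an added example that is not part of the post and not Radar's own code: a small detector run over a constructed list of sign-in events. The event shape, the device fingerprint ids, the coordinates and the thresholds (five failures in 60 seconds, 1000 km/h) are all assumptions chosen for the illustration.

```python
import math
from collections import defaultdict

# Constructed sample sign-in events (not Radar's data or event schema).
# Fields: unix time (s), user, device fingerprint id, latitude, longitude, success
EVENTS = [
    (0,    "alice@example.com", "dev-A", 37.77, -122.42, True),   # San Francisco
    (1800, "alice@example.com", "dev-B", 51.51,   -0.13, True),   # London, 30 min later
    (100,  "bob@example.com",   "dev-C", 40.71,  -74.01, False),  # one device cycling
    (110,  "carol@example.com", "dev-C", 40.71,  -74.01, False),  # through many accounts
    (120,  "dave@example.com",  "dev-C", 40.71,  -74.01, False),
    (130,  "erin@example.com",  "dev-C", 40.71,  -74.01, False),
    (140,  "frank@example.com", "dev-C", 40.71,  -74.01, False),
    (3600, "grace@example.com", "dev-D", 48.86,    2.35, True),   # Paris, twice from the
    (7200, "grace@example.com", "dev-D", 48.86,    2.35, True),   # same place: fine
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates, in km (mean Earth radius 6371 km)."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlmb = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def brute_force_devices(events, window_s=60, max_failures=5):
    """Devices with at least max_failures failed attempts inside one window_s-second
    window, regardless of which accounts were tried (credential stuffing rotates accounts)."""
    fails = defaultdict(list)
    for t, _user, dev, _lat, _lon, ok in sorted(events):
        if not ok:
            fails[dev].append(t)            # appended in time order
    return {dev for dev, ts in fails.items()
            if any(ts[i + max_failures - 1] - ts[i] <= window_s
                   for i in range(len(ts) - max_failures + 1))}

def impossible_travel(events, max_kmh=1000.0):
    """Users whose consecutive successful sign-ins imply a speed above max_kmh."""
    last, flagged = {}, set()
    for t, user, _dev, lat, lon, ok in sorted(events):
        if not ok:
            continue
        if user in last:
            t0, lat0, lon0 = last[user]
            dist, hours = haversine_km(lat0, lon0, lat, lon), (t - t0) / 3600
            # a location change with zero elapsed time is the limiting case
            if dist > 0 and (hours == 0 or dist / hours > max_kmh):
                flagged.add(user)
        last[user] = (t, lat, lon)
    return flagged
```

On this input the stuffing run from dev-C is flagged even though every attempt targets a different account, and alice's San Francisco to London hop in 30 minutes is flagged while grace's repeated Paris sign-ins are not.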
Beyond built-in
In addition to these detections, devs can set custom rules to allow or deny authentication to specific devices, users, domains, or IP ranges. This enables a myriad of use cases, such as restricting sign-ins to a corporate IP range, allowing certain users to bypass detections that are false positives, or banning iPods from using your app. And many more!
Radar + Actions
We aren’t keeping the magic of Radar to ourselves; the signals that Radar collects on authentication attempts will be available in events and actions.
Combining Radar + Actions (👀 coming very soon) allows you to extend the capabilities of Radar by incorporating device fingerprinting into your app’s own fraud or abuse models. For example, if one device is shared among many accounts, this could be a sign that one person is opening up many accounts to get around restrictions placed on usage. Or if many devices are being used to sign in to one account, it’s a strong indication that this account is being shared among many individuals.
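As an added illustration of how the custom allow/deny rules described under "Beyond built-in" and the device fan-out signals described here could feed one policy decision in your own app, here is example code that is not WorkOS's or Radar's. The sign-in history, the rule values (a TEST-NET IP range, a placeholder banned device) and the thresholds are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed history of successful sign-ins: (user, device fingerprint id). Not Radar's schema.
HISTORY = [
    ("trial1@example.com", "dev-X"), ("trial2@example.com", "dev-X"),
    ("trial3@example.com", "dev-X"), ("trial4@example.com", "dev-X"),
    *[("team@example.com", f"dev-{i}") for i in range(6)],
    ("solo@example.com", "dev-Y"),
]

# Constructed custom rules in the spirit of the post's examples (placeholder values).
RULES = {
    "allow_ip_ranges": [ipaddress.ip_network("203.0.113.0/24")],  # corporate range (TEST-NET-3)
    "deny_devices": {"dev-banned"},
    "bypass_users": {"ops@example.com"},      # known false positive: skip the heuristics
    "allowed_domains": {"example.com"},
}

def fan_out(history):
    """Index the history both ways: accounts seen per device and devices seen per account."""
    accounts_by_device, devices_by_account = defaultdict(set), defaultdict(set)
    for user, dev in history:
        accounts_by_device[dev].add(user)
        devices_by_account[user].add(dev)
    return accounts_by_device, devices_by_account

def evaluate(user, device, ip, history=HISTORY, rules=RULES,
             max_accounts_per_device=3, max_devices_per_account=5):
    """Return 'allow', 'challenge' or 'deny' for one sign-in attempt.
    Explicit deny rules win; explicit allow/bypass rules skip the heuristic signals;
    otherwise an abnormal device/account fan-out triggers a step-up challenge."""
    if device in rules["deny_devices"]:
        return "deny"
    if user.rsplit("@", 1)[-1] not in rules["allowed_domains"]:
        return "deny"
    addr = ipaddress.ip_address(ip)
    if user in rules["bypass_users"] or any(addr in net for net in rules["allow_ip_ranges"]):
        return "allow"
    by_dev, by_user = fan_out(history)
    accounts = by_dev[device] | {user}       # include the attempt being evaluated
    devices = by_user[user] | {device}
    if len(accounts) > max_accounts_per_device or len(devices) > max_devices_per_account:
        return "challenge"
    return "allow"
```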
We are excited to see how devs take the intelligence that Radar adds to AuthKit and build upon it for their own apps! If you’d like to give Radar a try, reach out to our support team. You can also check out the docs to learn more.