Integration guide

Castle uses behavioral data to predict which users are likely a security risk. By evaluating a variety of risk factors, such as access from a new city, changing internet service provider, or connecting from a VPN, the system requests additional identity verification for high-risk scenarios. This provides a strong security experience for your entire user base while remaining transparent to the majority of the users.

Step 1. Castle.js

Install the tracking JavaScript, Castle.js, on all of your HTML pages so that it tracks user activity both before and during a login session. Castle uses the information it gathers from the user’s browser to determine if the device is known and legitimate.

Step 2. Security events

Track attempted logins and challenges from your server. This will make sure Castle catches bad actors even though they have not loaded Castle.js, and collects activity essential for detecting password guessing and account checking. It also collects user challenge information, necessary to automatically tune your implementation to minimize false alerts.

Step 3. Adaptive authentication

Use the Authentication endpoint to deploy a fully automated security workflow where your users resolve their own security alerts. Your team should only have to engage with threats when there has been an actual account takeover.