Your suggested change has been received. Thank you.

Suggest A Change

Thank you! Your suggestion has been submitted.

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

There are some errors in your form.

Your Name This field is required

Your Email This field is required

How can we improve this content? This field is required

OneWelcome Identity Platform
- Explore Thales Docs

IDAAS core
User journey orchestration
Consent and preference management
Consent Management v2
- Document consent
- Consent Management v2 APIs
Identity broker
Delegated User Management v2
Externalized authorization
Delegated user management
- Getting started
- Roles
- Rules
- User management
- Self service page
- Data
- APIs
- Apps
- Jobs
- Reports
Risk management
- Essential edition
- Enhanced edition
Mobile identity
- Mobile identity - Access component
- Mobile identity - Tulip
Mobile SDK
API references
Release notes and FAQ
Policy-Based Authorization Manager
Integrations
Identity Orchestrator (IO)

All

All

SDK

Risk Management Javascript web SDK

Please Note:

Risk management
Essential edition
- Default rules
- Default policies
Enhanced edition
- Enhanced edition tutorials
  - Collect signals from a mobile app
  - Collect signals from a web application
  - Evaluate risk
- Policies
- Evaluate risk with auth feedback
- Report fraudulent events
- Change password or PIN
- Ionic mobile integration
- REST API
  - Technology partners
    - Thales partner technology
    - ThreatMetrix
    - Global score
  - API authentication and authorization
  - Client-side mutual TLS authentication
  - Standalone Risk Management API
- SDK
  - Risk Management Javascript web SDK
    - Web framework v2
    - Web framework v1
  - Risk Management mobile SDK
    - Signal groups and signals
    - Security
    - Integration guidelines
    - Permissions
    - Privacy
    - Export the ThreatMetrix certificate from a browser
    - Evaluation
    - Frequently asked questions

Was this document helpful? Yes No

Feedback Sent!

If you like, you can provide additional feedback.

OneWelcome Identity Platform
Risk management
Enhanced edition
SDK
Risk Management Javascript web SDK

Risk Management Javascript web SDK

This section describes how to embed the Gemalto Assurance Hub (GAH) signal collection scripts into you web application. In other words, it focuses on steps 1 and 2 of the evaluation use case.

Use cases

You can use GAH to analyze and provide decision recommendation for several use cases inside your website, such as login and account creation.

During a web session (between user login and logout), your customer can browse through different use cases on which you want to perform a getDecision.

View

A use case, such as login, is usually composed of a single view, which is a screen where the user enters their username and password, then clicks a login button.

Sometimes, a use case can include several views, such as the first view where the user enters their username and clicks a Next button, then a second view, where the user enters their password and clicks Login.

Signal collection

Signal collection use case diagram

GAH, as well as the partners involved, have been tested on the last two major versions of Internet Explorer, Google Chrome, and Firefox.

The next section describes how CORS is used by the Gemalto Assurance Hub to enable your cross-origin HTTP requests made during signal collection.

CORS

Adding the GAH scripts into your web pages sends a Cross-Origin Resource Sharing (CORS) HTTP request to the GAH signal-collector domain. For security reasons, browsers block cross-origin requests initiated from within scripts.

CORS request flow diagram

As a result, the POST and PATCH signals request sent to GAH are blocked. To enable this cross-origin request, GAH supports the CORS protocol:

Before the POST or PATCH signals request is made, the browser first sends an HTTP request (OPTIONS) to the GAH domain.
The GAH back end processes this request and checks that it originates from an authorized domain (by looking at the origin HTTP header), for example: www.your-domain.com. Altogether, this means that every domain issuing POST or PATCH signals requests to the GAH must be declared in the product.

If you are implementing a risk assessment on your login page, and this page is delegated to an identity provider, the domain name of the server hosting the identity provider must be provisioned in GAH.

Next

Web framework v2

On this page

OneWelcome Identity Platform

© Copyright 2019-2026, Thales Group

supportportal.thalesgroup.com Support contacts

Support
- Customer Release Notes
Legal
- End User License Agreement
- Terms of Service

© Copyright 2019-2026, Thales Group

supportportal.thalesgroup.com