Protect Your Adobe Commerce Site with F5 Distributed Cloud Services (Part 2)

In Part 1, I was able to show how to quickly and easily it is to configure Bot Defense to protect your Adobe Commerce site with F5 Distributed Cloud (F5 XC) Services.  In this article, I will expand on that offering and show you how to configure both Account Protection and Authentication Intelligence, again leveraging F5 XC Services.

As a refresher the following services are provided:

• Distributed Cloud Bot Defense blocks up to 99% of malicious bots and other automated attacks at the origin. 
• Distributed Cloud Account Protection leverages a real-time, closed-loop AI fraud engine designed to predict and mitigate risky or malicious transactions.
• Distributed Cloud Authentication Intelligence model’s good user behavior to ensure safe user journeys and reduces unnecessary friction (e.g., MFA, CAPTCHA).

Note:  This article assumes you have both a F5 Distributed Cloud Services account and an Adobe Commerce Account.

Log in to the F5 Distributed Cloud Console.

 

You will notice Account Protection and Authentication Intelligence as available solutions. In order to enable them you will click the respective tiles to enable for your tenant.

 

This Screenshot shows the example welcome Screen for Authentication Intelligence.

 

Here you can explore and find Datasheets, Whitepapers, Technical Documentation or Schedule a session with the Customer Success Team.

Additionally, if you click “Learn How JS Injection Works” the fly out will tell you where to put you JS and give you the JS tag that is needed for the service to integrate with F5 XC.

You will take this information over to Adobe Commerce, working with the F5 Team and configure the service.

Next Switch to Adobe Commerce and Login.

This will take you to Your Dashboard.

 

Navigate down the Left Pane and Select Stores. Click Configuration.

 

Navigate down the Configuration page to F5 Distributed Cloud Services.

In the previous article we chose Bot Defense and configured that appropriately.

Here we will select Account Protection and/or Authentication Intelligence for this article. This image shows Account Protection.

At the very top and most importantly you need to enable the Service.  This will expose all the other settings we will configure.

• API Hostname
• Script Tag
• JS Path
• Customer ID
• Cookie name
• Decryption key
• Protected Endpoints

Both services have almost the same configuration items.

Here is Authenticaion Intelligence.

At the very top and most importantly you need to enable the Service.  This will expose all the other settings we will configure.

• API Hostname
• Script Tag
• JS Path
• Customer ID
• Cookie name
• Decryption key

These settings will be suppled by the F5 Customer Success Team when you implment the service.

We recommend to inject into all Login, Logout, and Checkout/Transfer flow pages

Those are all the steps that are necessary to easily and quickly set up Account Protection and Authentication Intelligence in the F5 Distributed Cloud.

After your service is configured you will monitor from the F5 Distributed Cloud Console.  I am including several images to give you a sample of the data you will see and have available to you.

 

 

 

 

• F5 Distributed Cloud Bot Defense Overview 
• How to easily protect your BIG-IP applications using F5's Distributed Cloud Bot Defense with iApps
• How to easily protect your BIG-IP applications using F5's Distributed Cloud Bot Defense, natively
• F5 Distributed Cloud Services