For AI agents: a documentation index is available at the root level at /llms.txt and /llms-full.txt. Append /llms.txt to any URL for a page-level index, or .md for the markdown version of any page.
HUMAN DashboardHUMAN WebsiteRequest a Demo
Product GuidesEnforcer GuidesMobile SDKAPI ReferenceCustomer support
Product GuidesEnforcer GuidesMobile SDKAPI ReferenceCustomer support
  • Getting Started
    • Overview
    • Best practices
  • Sightline Cyberfraud Defense
    • About Sightline Cyberfraud Defense
    • Getting Started
    • What's different in Sightline Cyberfraud Defense
    • Sensor changelog
    • About the Overview Dashboard
    • Glossary
  • AgenticTrust
    • Getting started with AgenticTrust
    • AI Agents Monitoring Dashboard
    • AI Visitors Overview Dashboard
    • Manage AI Agent Permissions
    • Agentic Activity Priority
    • Agent Trust Levels
  • Account Defender
    • Account Defender Overview
    • Use Cases
    • Prerequisites
    • Getting Started with Account Defender
    • Optimizing Account Defender Detection
    • Validating Account Defender Integration
    • Risk Triggers
    • About Network Events
    • Troubleshooting
  • Bot Defender
    • Bot Defender Overview
    • Detection
    • Bot Defender Policy Settings
    • Footprint
  • Credential Intelligence
    • Credential Intelligence Overview
    • How to Access the Breached Flag
      • Enforcer Integration Generic Guidelines
      • Integrate Credential Intelligence with Auth0 on the Cloudflare Enforcer
      • Integrate Credential Intelligence with Auth0 on the Fastly Enforcer
      • Credential Intelligence Integration Testing
    • Credential Intelligence FAQ
    • Credential Intelligence Dashboard
  • Code Defender
    • Code Defender Introduction
    • Getting Started with Code Defender
    • Code Defender Glossary
    • Website Risk Analyzer
  • Platform
    • Account settings
    • Manage users
    • Role permissions
    • Enforcer configurations
    • Page Type Mapping
  • Client-Side Integration
    • JavaScript tag
    • Improving first page performance
    • Use of cookies & web storage
    • Advanced client integration
LogoLogo
Login
Login
HUMAN DashboardHUMAN WebsiteRequest a Demo
On this page
  • Introduction
  • Test Scenarios
  • Q&A and Troubleshooting
  • I am not seeing the px-compromised-credentials header on any of my origin requests, what could cause this?
  • I can’t create new users based on the credentials mentioned above, how can I still test the “Compromised Credential” flow?
  • I can’t see the breached account response in the logs of the data export, what could cause that?
Credential IntelligenceIntegrating Credential Intelligence

Validating the Integration

Was this page helpful?
Previous

Credential Intelligence FAQ

Next
Built with

Introduction

In order to ensure that Credential Intelligence was integrated correctly, it is recommended that the following test scenarios be executed.
The following credentials can be used in the tests mentioned below to simulate compromised credentials:

UsernamePasswordNote
testbreached@px.compas123For simple tests
testbreached[01-10]@px.com (e.g. testbreached01@px.com)Strong12pass$testIn case a stronger password is required by your CIAM / directory service (e.g., for compliance reasons)

Test Scenarios

Compromised Credentials:

  1. Setup a user in your system using one or more of the compromised credentials mentioned above.
  2. Attempt to login using a password different from the correct one.
  3. Observe that the compromised credential header (the default key for this header is px-compromised-credentials) is absent from the request going to the origin server.
  4. Attempt to login using the correct password.
  5. Observe that the compromised credential header exists on the request going to the origin server with a value of 1.

Non Compromised Credentials:

  1. Choose an existing user or create a new one (it is recommended to use a new user when possible to lower the probability of it and it’s password existing in our database).
  2. Attempt to login with an incorrect password.
  3. Observe that the login failed and that the compromised credential header is absent from the request going to the origin server.
  4. Attempt to login with the correct password.
  5. Observe that the login failed and that the compromised credential header is absent from the request going to the origin server.

Password Reset:
In case the password reset flow has been implemented, perform the “Compromised Credentials” flow mentioned above and observe that your login is redirected to your password reset page with no option to complete the login process until the password is changed.

CIAM Integration:
In the case of a CIAM integration (e.g. Okta), depending on the integration, you might not have visibility into the request headers. In this case, or if you are ingesting this data via our data export capabilities, you will need to review the value of px-compromised-credentials flag in the data export provided.

Q&A and Troubleshooting

I am not seeing the px-compromised-credentials header on any of my origin requests, what could cause this?

If you are seeing this, please check the following:

  1. That your username and request extraction configuration are properly configured.
  2. That the paths configured for extraction cover the flow you are attempting to test.

If both are correct, please contact support with the full enforcer configuration and steps to reproduce the login flow and we will assist you in troubleshooting the issue.

I can’t create new users based on the credentials mentioned above, how can I still test the “Compromised Credential” flow?

In order to simulate a compromised credential response, change the User-Agent header of the original request to breached_account_pxde_test. This will force our API to return the flag identifying the request as compromised without adding it to our database or requiring you to create a new user.

I can’t see the breached account response in the logs of the data export, what could cause that?

In order to receive the breach account response in the the data export, the export should be configured via the portal by selecting data type “Logs”. Breached account response will be included by default if the feature is enabled for the app ID.
To learn more about the data export configuration, click here. To learn more about the data scheme including the breached account response, click here.