The Integration validator is currently available on selected tenants and is being gradually rolled out.
The Integration validator is a tool that verifies your Fraud Prevention integration for each use case before you go live. It inspects telemetry collected from your client SDK and action data reported by integration in the last 60 minutes and flags missing or misconfigured parts of the integration, so you can fix them before rolling out in production.
Find the Integration validator at Admin Portal > Fraud Prevention > Configuration > Integration validator.
With the Integration validator, you can:
- Confirm that Mosaic is receiving telemetry and action events from your client.
- Check that each sensitive action (e.g., login, password reset, account details change) is reported with the expected attributes (claimed user ID, claimed user ID type, user ID hashing).
- Verify that action results are reported back to Mosaic and that the clear-user method is called when users log out.
- Identify gaps in your SDK version, integration type, and domain coverage before going live.
The Integration validator analyzes the clients used by the applications in your tenant and checks the Fraud Prevention implementation for each supported use case. It first summarizes the client environment detected for your tenant applications, including SDK version, integration type, and the domains from which events are received. Use these general checks to confirm that Mosaic is receiving data from the expected clients before reviewing the use case-specific implementation.
In the Integration validator page, first select the relevant application and client from the drop-down lists, since the reported checks and statuses apply to the selected integration.
If no data has been received from your client in the last 60 minutes, the Integration validator shows a No connectivity state. Once activity is detected, the checks are populated automatically. A link to the SDK changelog is shown when an SDK update is available.
The validator combines a summary of the integration status at the use-case level with granular checks underneath. First, each use case shows an overall integration status — a single roll-up of how complete your integration is. In the Admin Portal, the same text appears when you hover the status:
- Optimized — All required and recommended checks passed.
- Operational — All required checks passed. Some best practices are missing.
- Incomplete — Required checks are missing.
- Not integrated — No integration data detected for this use case.
Below that summary, implementation actions list the steps that can still block a successful rollout and the signals Mosaic expects for each one. For example, for account takeover protection, the validator can show whether Mosaic received a login action, whether the action included the claimed user ID and claimed user ID type, whether the action result was reported, and whether the user ID was sent as an opaque identifier.
Each implementation item has one of the following statuses:
Pass: the integration behavior matches the expected configuration.
Warning: the integration is functional but some attributes are missing or inconsistent.
Fail: a required step is missing and must be fixed before going live.
Info: informational status when data is unavailable or not applicable.
Each item links to the relevant step in the corresponding use case guide, so you can jump directly to the documentation that describes how to implement or fix it.
The Integration validator can be applied to the following Fraud Prevention use cases:
- Account takeover protection: available now. See Prevent account takeover.
- New account fraud: coming soon.
- Payment fraud: coming soon.