Important:You must consider the following points while configuring the risk-based authentication:
A rule must be included in a risk policy. A rule can exist in multiple risk policies.
A risk-based authentication class maps to only one risk policy and vice versa.
If a rule condition is not met, the score associated with that rule is added to the risk score. If the rule condition is met, the specified action is executed.
The risk level is determined based on the total risk score, that is the sum of the scores of all rule conditions that are not met.
If a rule is configured to allow or deny access and exit the policy when a condition is met, the risk score is zero as other rules in the group are not evaluated.
Configuring risk-based authentication involves the following steps:
Create a risk policy. See Configuring a Risk Policy.
Create a method for the risk-based authentication class. See Configuring a Method for an Authentication Class.
Create a contract for the risk-based authentication class. See Configuring a Contract for an Authentication Class.