This event is generated when you select the Risk-Based Authentication Failed option under Audit Logging on the Logging page of an Identity Server configuration.
Description: Risk-Based authentication failed for user.
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Identifier Data Description: User DN
SubTarget (Y): Schema Title: Authentication Identifier Description: IDP Session ID (AMAUTHID#auth_id:)
Text1 (S): Schema Title: RiskScore Description: Risk score(number).
Text2 (T): Schema Title: RiskLevel Description: Risk category defined by risk score value.
Text3 (F): Schema Title: Additional authentication class Description: Additional Authentication class name executed as part of risk based authentication.
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): Schema Title: Client IP Address Description: IP Address of the host from which the authentication succeeded.