Risk and behavior evaluation

Risk scoring and behavior detection use data-driven models to evaluate sign-in requests. You can configure how these properties are evaluated and applied in Okta sign-on policy rules. For example, you can configure an Okta sign-on policy rule to evaluate changes in user behavior and to require multifactor authentication if a user signs in from a new location or using a new device.

By manually configuring Okta sign-on policy rules to evaluate the risk level and to identify unusual behavior, you have control over the risk level or types of behavior you want to see reported. However, this information can also be useful without being explicitly configured in Okta sign-on policy rules.

To improve the visibility of this information without requiring manual configuration, organizations can report the results of the risk and behavior evaluation for all sign-in requests.

The results of the risk and behavior evaluation are added to the DebugContext in the System Log in a separate LogOnlySecurityData field. For example:

LogOnlySecurityData field in the System Log

Related topics

Risk scoring

Behavior detection and evaluation