Risk Scoring

Risk Scoring is based on a machine-learning risk engine, that determines the likelihood of an anomalous sign-in event.

Admins can create a sign-on policy rule, set a risk level, and assign a corresponding action based on the specified risk level. A high risk is assigned to new users initially — over time the risk level is reduced as more information is gathered. As a user continues to sign in to Okta with expected activity, the more likely they will be assigned a lower risk level.

Risk Scoring is designed to complement automation detection and does not account for the following scenarios:

  • Substitute for bot management or automation detection
  • Replacement for Web Application Firewalls (WAFs)
  • Assistance with any type of security compliance

If you're using risk-based authentication, you may also consider Factor Sequencing, which allows you to enable a combination of various MFA factors for end-user authentication




To configure Risk Scoring:

  1. In the admin console, navigate to Security > Authentication.
  2. Click Sign On
  3. Under your existing sign on policy, click Add Rule.
  4. Under the condition name And Risk is, select a risk level of Low, Medium, or High to change the level of risk that is evaluated when a user signs in. The risk level Any is selected by default.

System Log events

Risk Scoring can be assessed in the System Log based on any combination of the following three strings:

  • Anomalous Location
  • Anomalous Device
  • Suspected Threat (based on ThreatInsight detection)