Risk Scoring

Risk Scoring uses a risk engine that determines the likelihood of an anomalous sign-in event.

Okta assigns a risk level to each Okta sign in using models that use contextual information about the sign-in as well as historical information about the user. Admins can configure a sign-on policy rule to take different actions based on the risk level of the sign-in. For example prompt for MFA if the login is high risk.

Admins can create a sign-on policy rule, set a risk level, and assign a corresponding action based on the specified risk level. A high risk is assigned to new users initially — over time the risk level is reduced as more information is gathered about the user’s login pattern. Over time, the risk associated with normal sign-ins for the user will decrease.

Risk Scoring is designed to complement, not replace existing security tools and should not be used to:

  • Substitute bot management or automation detection
  • Replace Web Application Firewalls (WAFs)
  • Assist with any type of security compliance

Consider using Risk-based authentication with Factor Sequencing, to ensure stronger factor chains are used with higher risk sign-in activity.

System Log events

System logs contain risk information associated with authentication. The System log provides insights into how the risk was determined including any combination of the following reasons:

  • Anomalous Location
  • Anomalous Device
  • Suspected Threat (based on Okta ThreatInsight detection)

Configure Risk Scoring

Configure Risk Scoring by adding a rule and configure the risk level for the rule.

Before You Begin

Verify that configured sign-on policies are created.

Configure Risk Scoring in Okta sign-on policies

  1. In the Admin Console, navigate to Security > Authentication.
  2. Click Sign On
  3. Under your existing sign on policy, click Add Rule.
  4. You can also edit an existing rule.

  5. Under the condition name And Risk is, select a risk level of Low, Medium, or High to change the level of risk that is needed to match the rule. The risk level Any is selected by default.

Related topics

About Okta ThreatInsight

About Behavior Detection