Risk Scoring

This is a Beta feature. To find out about participating in this Beta program, refer to the Beta Programs page.


Risk scoring is a policy rule condition that determines the likelihood of an anomalous sign-in event. The score is calculated and assigned a numerical value within a range of 0 to 100. A higher score denotes a higher likelihood that the sign-in attempt is a threat or attack.

Admins can create a sign-on policy rule, set a risk level, and assign a corresponding action based on the specified risk level. The risk score, risk level, and related attributes are captured in a system log event.

User Roles

User Role: Okta Admin
User Impact: In the admin dashboard, a new condition called "And Risk is" has been added to policy rules. Admins can also refer to the system log, which contains the risk score, the risk level, and the attributes related to the risk score.

User Role: End User
User Impact: Can sign in as usual unless a risk is detected based on the configured sign-on policy rules.


Your Okta preview tenant must have this beta feature enabled before it can be configured.

Note: You will be informed via email once it has been enabled on your preview account.

Accessing and Using this Feature

  1. Navigate to Security > Authentication from the admin dashboard.
  2. Click Sign On.
  3. Under your existing sign-on policy, click Add Rule.
  4. Under the condition name And Risk is, select a risk level of Low, Medium, or High to change the level of risk that is evaluated when a user signs in. The risk level Any is selected by default.

Once this feature is set, you can obtain risk scoring information about users who have signed in to your org by checking the system log in the admin dashboard.