Evaluate a risk score for each request

If you want to evaluate users' risk scores before they sign in to Okta, be sure that you configure the correct MFA requirements.

HealthInsight task recommendation

Configure a rule in your global session policy that checks a user's risk score and prompts for MFA accordingly.

Okta recommends

Require high-risk users to provide MFA every time they sign in.

Security impact: Moderate

End-user impact: Moderate

Security policies are evaluated every time a user with a medium or high risk level attempts to access an app. These users must authenticate more frequently.

Require MFA for high-risk users

  1. In the Admin Console, go to Security > Global Session Policy.

  2. Select the policy that you want to edit.

  3. In the Rules table, locate the rule that you want to edit and make these updates:

    • AND Risk is: High

    • Multifactor authentication (MFA) is: Required

    • Users will be prompted for MFA: At every sign in

  4. Click Update Rule.

Related topics

Risk scoring

Create a global session policy

Edit a global session policy