Evaluate a risk score for each request
If you want to evaluate users' risk scores before they sign in to Okta, be sure that you configure the correct MFA requirements.
HealthInsight task recommendation
Configure a rule in your global session policy that checks a user's risk score and prompts for MFA accordingly.
| Okta recommends | Require high-risk users to provide MFA every time they sign in. |
| Security impact | Moderate |
| End-user impact | Moderate. Security policies are evaluated every time a user with medium or high risk levels attempts to access an app. These users must authenticate more frequently. |
Require MFA for high-risk users
- In the Admin Console, go to .
- Select the policy that you want to edit.
- In the Rules table, locate the rule that you want to edit and make these updates:
  - AND Risk is: High
  - Multifactor authentication (MFA) is: Required
  - Users will be prompted for MFA: At every sign in
- Click Update Rule.
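
To confirm the result of the procedure above, the following added example (not Okta's code) audits an exported rule list and reports whether a high-risk sign-in actually reaches a rule that requires MFA at every sign-in. The field names (`riskScore.level`, `requireFactor`, `factorPromptMode`), the priority ordering and the sample rules are assumptions modeled on Okta's Policies API; only the risk condition is evaluated.

```python
# Constructed sample: rules of one global session policy. Field names follow
# the sign-on rule objects of Okta's Policies API (an assumption; verify
# against your own export). Lower priority number = evaluated first (assumed).
SAMPLE_RULES = [
    {"name": "High risk MFA", "status": "ACTIVE", "priority": 1,
     "conditions": {"riskScore": {"level": "HIGH"}},
     "actions": {"signon": {"access": "ALLOW", "requireFactor": True,
                            "factorPromptMode": "ALWAYS"}}},
    {"name": "Default Rule", "status": "ACTIVE", "priority": 2,
     "conditions": {"riskScore": {"level": "ANY"}},
     "actions": {"signon": {"access": "ALLOW", "requireFactor": False}}},
]


def rule_for_high_risk(rules):
    """First active rule, in priority order, whose risk condition admits HIGH.

    Only the risk condition is evaluated; user, group and network
    conditions are ignored here.
    """
    active = [r for r in rules if r.get("status") == "ACTIVE"]
    for rule in sorted(active, key=lambda r: r.get("priority", 0)):
        level = rule.get("conditions", {}).get("riskScore", {}).get("level", "ANY")
        if level in ("HIGH", "ANY"):
            return rule
    return None


def audit_high_risk_mfa(rules):
    """Return findings; an empty list means high-risk sign-ins get MFA every time."""
    rule = rule_for_high_risk(rules)
    if rule is None:
        return ["no active rule matches high-risk sign-ins"]
    signon = rule.get("actions", {}).get("signon", {})
    if signon.get("access") == "DENY":
        return []  # sign-in is blocked outright, so no MFA prompt is needed
    if not signon.get("requireFactor"):
        return [f"{rule['name']}: MFA is not required"]
    mode = signon.get("factorPromptMode")
    if mode != "ALWAYS":
        return [f"{rule['name']}: MFA prompt mode is {mode}, not ALWAYS"]
    return []


if __name__ == "__main__":
    for finding in audit_high_risk_mfa(SAMPLE_RULES) or ["OK"]:
        print(finding)
```

A catch-all rule placed above the high-risk rule, or a deactivated high-risk rule, shows up as a finding because the sign-in is then decided by a different rule.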