NOTE
Risk Model has been deprecated. However, you can still use risk scores for access control.
Risk based access is a way to set up access controls based on a user risk score (provided as a claim) which in turn will decide if the action(s) specified in the entitlement are to be allowed. For example, access may only be allowed if the user risk score is medium or low. When the risk score is high then the entitlement will be denied (block rule applies). If a user interaction has been configured in the risk matrix, this will provide a way for the user to unblock access by performing some sort of additional authentication.
Before you start
Pre-configure the following elements:
MFA Provider. For multi-factor user interactions, refer to MFA Providers
Identity Provider. For password user interactions, refer to Identity Providers
User Risk Claim. Refer to User claims and Device claims
If you plan to use the risk score claim provided by the Appgate ZTP Risk Engine, then you will need to link your instance to ZTP and obtain a feature license for the Risk Engine.
Background information:
The topic access control models explores the use of risk based access in more detail.
Learn more about how to use user interactions.
Setting up MFA Providers for user interactions.
Use the Risk Model page for:
Defining the risk matrix which for controlling when entitlements will be allowed by the Gateway.
Adding user interactions when the risk matrix shows USER ACTION, such as entering a valid multi-factor authentication.
Adding a message to provide feedback to the user when the risk matrix shows DENY.
For details on configuration, refer to configuring the risk model