---
title: Configuring a risk level rule (web policy)
description: The PingOne Protect service combines a number of predictors such as user risk behavior, IP reputation, and geovelocity anomaly to calculate a single risk score. If you have a license for PingOne Protect, you can include the risk level that it calculates in your PingID policies. Find more information in Introduction to PingOne Protect.
component: pingid
page_id: pingid:pingid_service_management:pid_configuring_risk_level_rule_web_policy
canonical_url: http://docs.pingidentity.com/pingid/pingid_service_management/pid_configuring_risk_level_rule_web_policy.html
revdate: January 30, 2024
section_ids:
  before-you-begin: Before you begin
  steps: Steps
---

# Configuring a risk level rule (web policy)

The PingOne Protect service combines a number of predictors such as user risk behavior, IP reputation, and geovelocity anomaly to calculate a single risk score. If you have a license for PingOne Protect, you can include the risk level that it calculates in your PingID policies. Find more information in [Introduction to PingOne Protect](http://docs.pingidentity.com/pingone/threat_protection_using_pingone_protect/p1_protect_introduction.html).

## Before you begin

Before adding a risk level rule, make sure that you have provided a value for the **Resource ID** field in the definition of the PingID adapter for PingFederate. For more information, see [Configuring a PingID adapter instance](../pingid_integrations/configuring_a_pid_adapter_instance.html). Version 2.11 or higher of the PingID adapter is required for this feature

|   |                                                                                                                                                                                                                                                                            |
| - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | You can also add a rule that uses the risk level provided by a supported third-party risk service. If you are using a third-party service, make sure that you have provided a value for the **Risk Level** field in the definition of the PingID adapter for PingFederate. |

## Steps

1. Create a new policy, or open an existing policy for editing.

2. Click **Add Rule**.

3. Select **Risk Level** from the list of rules.

4. For each of the risk levels - high, medium, low - select the check box if you want to specify an MFA action for that level of risk.

   ![Screen capture of risk level rule for policy](_images/iob1626953501361.png)

5. For each risk level that you selected, use the list of actions to select the MFA action you want to use for that level of risk.

6. Click **Save**.

7. In the **Policy** list, click and drag the new policy and place it in the order in which you want it to be considered. Click **Save Order**.