---
title: Adding risk results to your authentication policy
description: By modifying your authentication policy to include risk results, you can dynamically change authentication requirements for higher-risk users.
component: iovation
page_id: iovation:setup:pf_iovation_ik_adding_risk_results_to_your_authentication_policy
canonical_url: https://docs.pingidentity.com/integrations/iovation/setup/pf_iovation_ik_adding_risk_results_to_your_authentication_policy.html
revdate: May 30, 2025
section_ids:
  about-this-task: About this task
  steps: Steps
---

# Adding risk results to your authentication policy

By modifying your authentication policy to include risk results, you can dynamically change authentication requirements for higher-risk users.

## About this task

These steps are designed to help you add to an existing authentication policy. You can find general information about configuring authentication policies in [Policies](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/qmq1564002987890.html) in the PingFederate documentation.

## Steps

1. Sign on to the PingFederate administrative console.

2. Go to **Authentication > Policies** and either open an existing authentication policy, or create a new one.

   Learn more in [Defining authentication policies](https://docs.pingidentity.com/pingfederate/latest/administrators_reference_guide/pf_defining_auth_policies.html) in the PingFederate documentation.

3. In the **Policy** section, in the **Select** list, select an iovation IdP Adapter instance.

   ![Screen capture of example adapter instance selection options.](_images/Success_path.jpg)

4. Map the user ID into the iovation IdP Adapter instance:

   ![Screen capture of the Incoming User ID section with the HTML form adapter as the source and username as the attribute.](_images/Incoming_user_id.jpg)

   1. Under the iovation IdP Adapter instance, click **Options**.

   2. On the **Options** modal, in the **Source** list, select a previous authentication source that collects the user ID.

   3. In the **Attribute** list, select the user ID. Click **Done**.

5. Define policy paths based on risk results:

   ![Screen capture of the Rules section that shows three policy paths with transactionRiskResults as the Attribute Name.](_images/Rules.jpg)

   1. Under the iovation IdP Adapter instance, click **Rules**.

   2. On the **Rules** modal, in the **Attribute Name** list, select **transactionRiskResult**.

   3. In the **Condition** list, select **equal to**.

   4. In the **Value** field, enter `allow`, `review`, or `deny`.

   5. In the **Result** field, enter a name.

      This appears as a new policy path that branches from the authentication source.

   6. To add more authentication paths, click **Add** and repeat sub-steps 1 - 4.

   7. Clear the **Default to success** checkbox.

   8. Click **Done**.

6. Configure each of the authentication paths, including **Fail**, **Success**, and the paths that you defined in the **Rules** modal.

   |   |   |
   | - | - |
   |   | In case the iovation API is unreachable or returns an error, you can allow users to continue to sign on by satisfying stricter authentication requirements. You can do this in your authentication policy by setting the **Fail** outcome of the iovation IdP Adapter instance to point to a second authentication factor, as shown in the following example. Alternately, you can do this in your iovation IdP Adapter instance by setting the **Failure Mode** as shown in [Configuring an adapter instance](pf_iovation_ik_configuring_an_adapter_instance.html). |

   ![Screen capture showing authentication paths for Fail, Allow, and Review, the three policy paths configured based on risk results in step 6.](_images/Review.jpg)

7. Click **Done**.

8. On the **Policies** page, click **Save**.
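
The branching configured in steps 5 and 6 can be modelled in a few lines to check which inputs reach a session. This Python sketch is an added example, not PingFederate or iovation code; the path names, the next-step mapping, and the sample values are assumptions. It also assumes that rules are checked top to bottom and that an unmatched result goes to **Success** or **Fail** according to the **Default to success** checkbox.

```python
# Added illustration: a simplified model, not PingFederate or iovation code.
# Rows mirror the Rules modal: (Attribute Name, Condition, Value, Result).
# The Result names are hypothetical; step 5 accepts any name.
RULES = [
    ("transactionRiskResult", "equal to", "allow", "Allow"),
    ("transactionRiskResult", "equal to", "review", "Review"),
    ("transactionRiskResult", "equal to", "deny", "Deny"),
]

# Hypothetical configuration of each path from step 6.
NEXT_STEP = {
    "Allow": "issue session",
    "Review": "second factor",
    "Deny": "reject sign-on",
    "Fail": "second factor",      # API unreachable or error: stricter requirements
    "Success": "issue session",
}


def select_path(adapter_ok, attributes, default_to_success):
    """Return the policy path taken after the adapter instance runs."""
    if not adapter_ok:                      # API unreachable or returned an error
        return "Fail"
    for name, condition, value, result in RULES:   # assumed: first match wins
        if condition == "equal to" and attributes.get(name) == value:
            return result
    # No rule matched: the checkbox decides between Success and Fail.
    return "Success" if default_to_success else "Fail"


def fail_open_inputs(default_to_success):
    """List constructed inputs that get a session without an explicit 'allow'."""
    samples = [{"transactionRiskResult": v}
               for v in ("allow", "review", "deny", "unknown")] + [{}]
    return [s for s in samples
            if s.get("transactionRiskResult") != "allow"
            and NEXT_STEP[select_path(True, s, default_to_success)] == "issue session"]


if __name__ == "__main__":
    print("checkbox selected:", fail_open_inputs(True))
    print("checkbox cleared: ", fail_open_inputs(False))
```

With the checkbox cleared, an unexpected or missing risk result lands on the **Fail** path instead of **Success**, so only an explicit `allow` reaches a session in this model.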
