The following table describes the fields available for managing risk policies on the Risk Policies tab in the PingAccess administrative console.
Field | Required | Description |
---|---|---|
Name |
Yes |
A unique name for the risk policy. |
PingOne Connection |
Yes |
The PingOne connection you created in steps 2a-2c of Adding a PingOne connection. |
PingOne Risk Policy ID |
No |
The id of the PingOne risk policy you want to use to perform risk evaluation. A null value tells PingOne Protect to use a default policy. Note:
You can only configure a PingOne risk policy in PingOne Protect. PingAccess doesn't currently support device profiling, so New Device and other device-related PingOne predictor types shouldn't be included in a PingOne risk policy that you intend to use with PingAccess. Some of these device-related predictor types are included in the default PingOne risk policy. Make sure to remove the following predictor types from your configuration or adjust the weights or scores associated with them:
For more information, see Risk policies in the PingOne documentation. |
Risk Check Interval (MS) |
No |
The rate at which PingAccess requests an evaluation from PingOne Protect for the same end-user. This field accepts values from zero to a full day. The default value is 20000 ms (20 seconds). Tip:
To have PingOne Protect perform an evaluation on every request that an end-user makes, you can set this value to 0. However, evaluating every request could slow down your environment's performance. |
User ID Attribute |
Yes |
Tells PingOne Protect what kind of user attribute to define as an end-user's user ID. |
High Risk Policy Evaluator |
Yes |
A policy that tells PingAccess what action to take if the returned risk score from an end-user's request is HIGH. In the High Risk Policy Evaluator list, select one of the following options:
|
Medium Risk Policy Evaluator |
Yes |
A policy that tells PingAccess what action to take if the returned risk score from an end-user's request is MEDIUM. In the Medium Risk Policy Evaluator list, select one of the five options described in the High Risk Policy Evaluator table entry. |
Low Risk Policy Evaluator |
Yes |
A policy that tells PingAccess what action to take if the returned risk score from an end-user's request is LOW. In the Low Risk Policy Evaluator list, select one of the five options described in the High Risk Policy Evaluator table entry. |
Failed Risk Policy Evaluator |
Yes |
A policy that tells PingAccess what action to take if the returned risk score is an invalid value or if the risk evaluation service is unavailable. In the Failed Risk Policy Evaluator list, select one of the five options described in the High Risk Policy Evaluator table entry. |