Risk policy field descriptions - PingAccess - 7.3

Risk policy field descriptions - PingAccess - 7.3 - 7.2

PingAccess

bundle

pingaccess-72

ft:publication_title

PingAccess

Product_Version_ce

PingAccess 7.2

category

Product

pa-72

pingaccess

ContentType_ce

The following table describes the fields available for managing risk policies on the Risk Policies tab in the PingAccess administrative console.

Field	Required	Description
Name	Yes	A unique name for the risk policy.
PingOne Connection	Yes	The PingOne connection you created in steps 2a-2c of Adding a PingOne connection.
PingOne Risk Policy ID	No	The id of the PingOne risk policy you want to use to perform risk evaluation. A null value tells PingOne Protect to use a default policy. Note: You can only configure a PingOne risk policy in PingOne Protect. PingAccess doesn't currently support device profiling, so New Device and other device-related PingOne predictor types shouldn't be included in a PingOne risk policy that you intend to use with PingAccess. Some of these device-related predictor types are included in the default PingOne risk policy. Make sure to remove the following predictor types from your configuration or adjust the weights or scores associated with them: Anonymous network detection Geovelocity anomaly IP reputation IP velocity New device User location anomaly For more information, see Risk policies in the PingOne Cloud Platform documentation.
Risk Check Interval (MS)	No	The rate at which PingAccess requests an evaluation from PingOne Protect for the same end-user. This field accepts values from zero to a full day. The default value is 20000 ms (20 seconds). Tip: To have PingOne Protect perform an evaluation on every request that an end-user makes, you can set this value to `0`. However, evaluating every request could slow down your environment's performance.
User ID Attribute	Yes	Tells PingOne Protect what kind of user attribute to define as an end-user's user ID.
High Risk Policy Evaluator	Yes	A policy that tells PingAccess what action to take if the returned risk score from an end-user's request is `HIGH`. In the High Risk Policy Evaluator list, select one of the following options: Allow The default value. Permits the end-user's request. Authentication Challenge Policy Directs the user to reauthenticate. If you select this option, you must select an Authentication Challenge Policy to use. Adjusting the Authentication Validity Period (M) is optional. Deny Rejects the end-user's request. If you select this option, you must select a Rejection Handler to use. Rule PingAccess evaluates a rule you specify to determine how to proceed. If you select this option, you must select a specific web Rule to use. Important: API policy is currently incompatible with this type of policy evaluator. For more information on web policy and API policy, see Applying rules to applications and resources. The following PingAccess rule types are API-specific, and thus currently unusable on a protected web application: OAuth attribute rules OAuth client rules OAuth Groovy script rules OAuth scope rules Rate limiting rules when the Policy Granularity of the rule is set to OAuth client OAuth token cache time to live rules PingAuthorize access control rules when using PingAccess version 7.2 PingAuthorize response filtering rules when using PingAccess version 7.2 Rule Set PingAccess evaluates a rule set you specify to determine how to proceed. If you select this option, you must select a Rule Set to use.
Medium Risk Policy Evaluator	Yes	A policy that tells PingAccess what action to take if the returned risk score from an end-user's request is `MEDIUM`. In the Medium Risk Policy Evaluator list, select one of the five options described in the High Risk Policy Evaluator table entry.
Low Risk Policy Evaluator	Yes	A policy that tells PingAccess what action to take if the returned risk score from an end-user's request is `LOW`. In the Low Risk Policy Evaluator list, select one of the five options described in the High Risk Policy Evaluator table entry.
Failed Risk Policy Evaluator	Yes	A policy that tells PingAccess what action to take if the returned risk score is an invalid value or if the risk evaluation service is unavailable. In the Failed Risk Policy Evaluator list, select one of the five options described in the High Risk Policy Evaluator table entry.