Adding custom predictors - PingOne Services - PingOne Risk - PingOne

Adding custom predictors - PingOne Services - PingOne Risk - PingOne - PingOne Cloud Platform

PingOne Cloud Platform

bundle

pingone

ft:publication_title

PingOne Cloud Platform

Product_Version_ce

PingOne

PingOne Cloud Platform

category

Product

p1cloudplatform

ContentType_ce

Page created: 30 Sep 2021 |

Page updated: 11 May 2023

| 2 min read

PingOne Cloud Platform PingOne Product IDaaS Deployment Method Product documentation Content Type Administrator Audience Administration User task Configuration Access security Capability PingOne Risk PingOne Services

Add a custom predictor to include data from external sources in risk calculations.

Custom predictors allow you to plug in external data sources and reference custom properties. You can use custom predictors to determine a risk score if a device is not managed, or map third-party risk scores to high, medium, or low. You can then add custom predictors to risk policies, apply overrides, and view analytics in the Risk dashboards.

For example, you can use PingFederate to establish risk-based remote access authentication controls depending on device type. You can receive an external feed of managed and unmanaged devices from PingFederate and map them to low or high risk.

Custom predictors appear in the Risk dashboard charts with the same functionality as other predictors. You can filter charts based on custom predictors and see relevant information about them in the drill-down tables. Custom predictors are also added to audit reporting.

You can add a maximum of 15 custom predictors per environment.

For information on configuring custom predictors, see Risk Advanced Predictors.

In the PingOne console, go to PingOne Risk Management > Predictors.
To add a new predictor, click the + icon.
For the predictor type, select Custom.
In the Display Name field, enter a name for the predictor.

The display name is used in the Risk dashboards and policy configuration.
In the Compact Name field, enter a short name that will be returned in the API response.

Note:
You can't change the compact name after it's been saved.
In the Attribute Mapping field, enter the JSON pointer to the custom attribute in the risk evaluation resource.

Use the format ${event|details.one.two}.
In the Fallback Predictor Decision Value list, select a default risk level in case the attribute isn't provided.
In the Risk Level Mapping section, define what values will return a LOW, MEDIUM, or HIGH score in the response:
- Select Range to define a numerical range.
- Select IP Ranges to define IP ranges.
- Select List Item to define specific alphanumerical values. To define more values for each score, click Add List Item.
Note:
If the same value appears in more than one of the risk categories (Low, Medium, High), the higher risk category will be used.
Click Save.

After saving the new predictor, you can configure it within a risk policy in two places:

As an entry in the Weighted Policy section.
As a new option in the Override section.

For more information, see Risk policies.