Establish a connection between PingOne Authorize and PingOne Risk to use risk signals in authorization policies and provide risk evaluation feedback.
- Make sure PingOne Risk is in your PingOne environment. For more information, see Getting started with PingOne Risk.
- If you’re using an external user directory, create attributes that store values for service input settings, such as the ID and IP address of the user whose risk is being evaluated.
PingOne Risk monitors end-user requests and generates a risk score of low, medium, or high, based on user behavior and device context. Service connectors enable you to include these risk assessments in dynamic authorization policies. For example, if a risk score is medium, the authorization policy might direct the user to complete step-up authentication with additional multi-factor authentication (MFA) methods. When the risk score is high, the policy might deny access to the resource.
PingOne Risk provides two capabilities: evaluating risk for a transaction, and providing feedback that improves risk models. Add a separate Risk service connector in PingOne Authorize for each capability.
Configure the following Risk connector settings, then configure general settings to finish the service connection.
When you save the connector service, PingOne Authorize automatically generates an attribute that resolves against the service. This attribute has the same name as the connector service. Connector attributes are listed directly under Connectors on the Attributes tab in the Trust Framework.
You can generate child attributes from this attribute to extract service response values, such as the risk level, for use in authorization policies. When you update a connector service, PingOne Authorize updates the generated connector attribute associated with the service.
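The risk-based policy and the child-attribute extraction described above, sketched as an added example (this is not PingOne code or policy syntax). The `result.level` response path, the sample responses, the decision names, and the choices to permit on low and to deny when the level is missing or unrecognized are all assumptions made for illustration.

```python
import json

# Constructed sample responses. The "result.level" path is an assumed shape
# for the service response, not something taken from the page.
SAMPLE_RESPONSES = {
    "low": '{"result": {"level": "LOW"}}',
    "medium": '{"result": {"level": "MEDIUM"}}',
    "high": '{"result": {"level": "HIGH"}}',
    "missing level": '{"result": {}}',
    "service error body": "upstream timeout",
}

# Medium -> step-up and high -> deny follow the text; low -> permit is assumed.
DECISIONS = {"LOW": "PERMIT", "MEDIUM": "STEP_UP_MFA", "HIGH": "DENY"}


def extract_risk_level(raw_response):
    """Play the role of a child attribute: pull the risk level out of the
    service response. Returns None if the response cannot be parsed or the
    value is absent, so the caller can tell "no signal" from a real level."""
    try:
        doc = json.loads(raw_response)
    except (TypeError, ValueError):
        return None
    result = doc.get("result") if isinstance(doc, dict) else None
    level = result.get("level") if isinstance(result, dict) else None
    return level.strip().upper() if isinstance(level, str) else None


def decide(raw_response):
    """Map the extracted level to a decision. Anything that is not a known
    level (missing, unparsable, unexpected value) is denied, so a failed
    risk lookup never results in access being granted by default."""
    return DECISIONS.get(extract_risk_level(raw_response), "DENY")


if __name__ == "__main__":
    for name, body in SAMPLE_RESPONSES.items():
        print(f"{name:20} level={extract_risk_level(body)!s:8} -> {decide(body)}")
```

When building the real policy, the same question applies to the generated connector attribute and its children: decide explicitly what the policy returns when the attribute fails to resolve.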