Establish a connection between PingOne Authorize and PingOne Protect to use risk signals in authorization policies and provide risk evaluation feedback.
- Make sure PingOne Protect is in your PingOne environment. For more information, see Getting up and running.
- If you’re using an external user directory, create attributes that store values for service input settings, such as the ID and IP address of the user whose risk is being evaluated.
PingOne Protect monitors end-user requests and generates a risk score of low, medium, or high, based on user behavior and device context. Service Connectors enable you to include these risk assessments in dynamic authorization policies. For example, if a risk score is medium, the authorization policy might direct the user to complete step-up authentication with additional MFA methods. When the risk score is high, the policy might deny access to the resource.
PingOne Protect provides two capabilities: evaluating risk for a transaction and providing feedback that improves risk models. Add a separate PingOne Risk service Connector in PingOne Authorize for each capability.
Configure the following Connector settings, then configure general settings to finish the service connection.
When you save the Connector service, PingOne Authorize automatically generates an attribute that resolves against the service. This attribute has the same name as the Connector service. Connector attributes are listed directly under Connectors on the Attributes tab in the Trust Framework.
You can generate child attributes from this attribute to extract service response values, such as the risk level, for use in authorization policies. When you update a Connector service, PingOne Authorize updates the generated Connector attribute associated with the service.
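The policy described earlier (step-up authentication at medium risk, deny at high risk), applied to a risk level extracted from a service response. This is an added example, not PingOne code. The `result.level` path, the decision names, and the fail-closed default for a missing or unrecognized level are assumptions, and the sample responses are constructed.

```python
import json

# Decision per risk level, following the policy described in the text.
# The decision names are hypothetical labels, not PingOne Authorize values.
DECISIONS = {"low": "PERMIT", "medium": "STEP_UP_MFA", "high": "DENY"}

# Constructed sample service responses. The "result.level" path is an
# assumption about the response shape, not taken from the page.
SAMPLE_RESPONSES = {
    "low": '{"result": {"level": "LOW"}}',
    "medium": '{"result": {"level": "MEDIUM"}}',
    "high": '{"result": {"level": "HIGH"}}',
    "unknown_level": '{"result": {"level": "CRITICAL"}}',
    "missing_level": '{"result": {}}',
    "service_error": '{"code": "INTERNAL_SERVER_ERROR"}',
    "not_json": "<html>502 Bad Gateway</html>",
}


def extract_risk_level(raw_response):
    """Play the role of a child attribute: pull the risk level out of the
    service response. Returns None when the level cannot be resolved."""
    try:
        body = json.loads(raw_response)
    except (TypeError, ValueError):
        return None
    result = body.get("result") if isinstance(body, dict) else None
    level = result.get("level") if isinstance(result, dict) else None
    if not isinstance(level, str):
        return None
    level = level.strip().lower()
    return level if level in DECISIONS else None


def authorize(raw_response):
    """Map the risk level to a decision. Anything that does not resolve to
    low, medium or high is denied, so a failed or malformed risk evaluation
    never results in access by default."""
    level = extract_risk_level(raw_response)
    if level is None:
        return "DENY"
    return DECISIONS[level]


if __name__ == "__main__":
    for name, raw in SAMPLE_RESPONSES.items():
        print(f"{name:15s} -> {authorize(raw)}")
```

Whether an unresolved risk level should deny or fall back to step-up authentication is a policy choice; the point is that the policy handles that case explicitly.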