Most of the predictor types allow you to define a Fallback Predictor Decision Value. This is the risk level that should be assigned to the predictor if there is insufficient information to calculate the risk level. This can occur for a number of reasons, such as:

  • The predictor is still in the training period.
  • The basic information required cannot be obtained, for example, the location of the user.

To configure and edit a predictor:

  1. In the PingOne console, go to Threat Protection > Predictors.
  2. Click the predictor type, and then click the specific predictor that you want to edit.
  3. To edit predictor details and configuration settings:
    • To edit Display Name and Description:
      1. Click the More Options (⋮) icon.
      2. Click Rename.
    • To edit configuration settings:
      1. Click the Pencil icon.
      2. Edit any of the following as needed:
    PredictorSettings

    Adversary-in-the-Middle (AitM)

    Use the Fallback Predictor Decision Value list to select the risk level that this predictor should be assigned if there's insufficient information to calculate the risk level.

    Use the Domain Allow List field to provide a comma-separated list of the domains that are legitimate for your resources. These will be compared with the domains your users are trying to access to verify that they were not the target of phishing attempts.

    If you do not specify one or more domains, PingOne Protect sets a short learning period to learn the domains that your users are accessing, and these domains will be added to the allow list. The learned domains will be displayed under Domain Allow List.

    Anonymous Network Detection

    Use the Fallback Predictor Decision Value list to select the risk level that this predictor should be assigned if there's insufficient information to calculate the risk level.

    In the Allow List field, enter the IP addresses for which anonymous network considerations should be ignored. This should be one or more ranges of IP addresses in CIDR format, separated by commas, for example, 1.1.1.1/24, 1.1.2.1/12. For IP addresses in IPv4 format, you can use IP ranges. For IP addresses in IPv6 format, you must add each addressto the list individually.

    Bot Detection

    Use the Fallback Predictor Decision Value list to select the risk level that this predictor should be assigned if there's insufficient information to calculate the risk level.

    Email Reputation

    Use the Fallback Predictor Decision Value list to select the risk level that this predictor should be assigned if there's insufficient information to calculate the risk level.

    Geovelocity

    Use the Fallback Predictor Decision Value list to select the risk level that this predictor should be assigned if there's insufficient information to calculate the risk level.

    In the Allow List field, enter the IP addresses for which anonymous network considerations should be ignored. This should be one or more ranges of IP addresses in classless inter-domain routing (CIDR) format, separated by commas, for example, 1.1.1.1/24, 1.1.2.1/12. For IP addresses in IPv4 format, you can use IP ranges. For IP addresses in IPv6 format, each address must be added to the list individually.

    IP Reputation

    Use the Fallback Predictor Decision Value list to select the risk level that this predictor should be assigned if there's insufficient information to calculate the risk level.

    In the Allow List field, enter the IP addresses for which anonymous network considerations should be ignored. This should be one or more ranges of IP addresses in CIDR format, separated by commas, for example, 1.1.1.1/24, 1.1.2.1/12. For IP addresses in IPv4 format, you can use IP ranges. For IP addresses in IPv6 format, each address must be added to the list individually.

    IP Velocity

    Note:

    You cannot configure settings for the IP Velocity predictor.

    New Device

    Use the Fallback Predictor Decision Value list to select the risk level that this predictor should be assigned if there's insufficient information to calculate the risk level.

    Use the Activation Date field to specify a date when the learning process for the predictor should be restarted. This can be used in conjunction with the fallback setting to force strong authentication when moving the predictor to production.

    Note:

    Activation Date uses UTC time.

    Suspicious Device

    Use the Fallback Predictor Decision Value list to select the risk level that this predictor should be assigned if there's insufficient information to calculate the risk level.

    Use the Signed SDK Payload is Required option to specify that the predictor requires that the payload from the Signals (Protect) SDK be provided as a signed JWT.

    Note: Before selecting this option for your predictor, verify that you have enabled the option to have the SDK payload provided as a signed JWT in the initialization code for the SDK. If you are using DaVinci flows, you can enable the signed JWT option when configuring the skrisk component in your flows. For details, see the documentation for the web version of the Signals SDK and the documentation for the PingOne Protect DaVinci connector.

    User Location Anomaly

    Use the Fallback Predictor Decision Value list to select the risk level that this predictor should be assigned if there's insufficient information to calculate the risk level.

    Enter the radius Distance and select the Measurement units (miles or kilometers).

    User-Based Risk Behavior

    Use the Fallback Predictor Decision Value list to select the risk level that this predictor should be assigned if there's insufficient information to calculate the risk level.

    User Risk Behavior

    Use the Fallback Predictor Decision Value list to select the risk level that this predictor should be assigned if there's insufficient information to calculate the risk level.

    User Velocity

    Note:

    You cannot configure settings for the User Velocity predictor.

  4. Click Save.