Risk-based/Adaptive Authentication
Risk-based authentication (RBA), also called Adaptive Authentication, adds a dynamic security layer by analyzing user login behavior and contextual factors in real-time. Instead of relying solely on static credentials, RBA adapts authentication requirements based on the calculated risk level of each login attempt.
When suspicious or unusual activity is detected—like a login from a new location, device, or IP—RBA can trigger additional verification steps such as Multi-Factor Authentication (MFA), admin alerts, or even deny access. RBA adapts real-time security measures by analyzing parameters such as location, IP address, device, browser, and behavior patterns—allowing organizations to respond to risk events, forecast potential threats, and take timely action to mitigate them.
Key Features
- Risk Factor Evaluation
  Monitors login attempts using parameters like:
  - IP address
  - City and country
  - Device
  - Browser
- Adaptive Responses
  Automatically triggers predefined actions like MFA, email alerts, or blocks based on real-time risk scoring.
- Real-Time Scoring
  Assigns a dynamic risk score to each login attempt by comparing it with a user’s historical login behavior.
Common Use Cases
- Secure Remote Access: Detect logins from unknown networks or locations.
- Prevent Account Takeover: Trigger MFA for suspicious logins or new devices.
- Detect Insider Threats: Flag unusual login behavior in corporate systems.
- Compliance Enforcement: Apply adaptive controls for industry regulations.
Admin Console Configuration
Risk-Based Authentication in the Admin Console includes configurable settings for managing risk factors, defining adaptive responses, setting up notifications, and customizing templates for risk-related events.
- Manage Risk Factors
- Additional Settings
Enable and configure specific risk detection categories. Each factor includes custom logic to define when a login attempt is considered risky.
- Risk Factor Settings
- Risk Factors
Each risk factor allows you to configure how trusted behavior is evaluated and how the system should respond when a risk is detected.
- Login Flow Condition: The Login Flow Condition in Risk-Based Authentication (RBA) helps track and store known login locations (such as cities or countries) based on a user's login activity. This allows the system to recognize familiar patterns and identify potential risks when unusual login attempts occur.
Storage Condition:
There are two ways to store known login locations:
- By Days: Stores all cities or countries the user has logged in from within the last X days. If set to 0, values are retained indefinitely.
- By Count: Stores a fixed number of the most recent login locations. When a new location is added, the oldest one is removed.
Example:
If a user logs in from New York, London, and Tokyo, and the system is set to store locations by count (2), only London and Tokyo will be retained once the user logs in from another new city.
Similarly, if the system is set by days (30 days), it will remember all login locations used in the past month.
- Risk Response Actions:
- No action
- Trigger Multi-Factor Authentication (MFA)
- Block the login attempt
- Notifications:
- Admin – for internal monitoring
- User – to inform about suspicious login attempts.
- City-Based Risk Detection: Flags logins from cities that differ from the user’s known login history. It is ideal for catching unusual travel-based access patterns.
- Country-Based Risk Detection: Monitors and responds to logins from unfamiliar countries. Useful for preventing unauthorized access across regions.
- IP-Based Risk Detection: Detects login attempts from unknown IP addresses. This is particularly effective in identifying proxy-based or botnet threats.
- Device-Based Risk Detection: Triggers actions if the login is from a new or unrecognized device type or model.
- Browser-Based Risk Detection: Monitors browser-level attributes to identify unfamiliar access attempts from different user agents.
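The storage conditions (By Days, By Count) and the risk response actions described above can be modelled as follows. This is an added example, not the product's own code: the names `KnownValues` and `process_login`, the treatment of a first login, and the rule that blocked attempts are never stored are assumptions made for illustration.

```python
from collections import OrderedDict
from datetime import datetime, timedelta

class KnownValues:
    """Per-user history of one risk factor (city, country, IP, ...)."""

    def __init__(self, by_days=None, by_count=None):
        # Exactly one storage condition is active at a time.
        if (by_days is None) == (by_count is None):
            raise ValueError("set exactly one of by_days / by_count")
        self.by_days, self.by_count = by_days, by_count
        self._seen = OrderedDict()  # value -> time of last accepted login

    def values(self, now):
        # By Days: forget values older than X days; 0 retains indefinitely.
        if self.by_days:
            cutoff = now - timedelta(days=self.by_days)
            for value in [v for v, t in self._seen.items() if t < cutoff]:
                del self._seen[value]
        return list(self._seen)

    def record(self, value, now):
        # Assumption: a repeat login moves the value to "most recent".
        self._seen.pop(value, None)
        self._seen[value] = now
        # By Count: keep the N most recent values, evicting the oldest.
        while self.by_count is not None and len(self._seen) > self.by_count:
            self._seen.popitem(last=False)

def process_login(store, value, now, action="mfa"):
    """Return 'allow', 'mfa' or 'block' for one login attempt."""
    history = store.values(now)
    # Assumption: with no history yet, the first login is not flagged.
    risky = bool(history) and value not in history
    response = action if risky and action != "none" else "allow"
    if response != "block":
        # Assumption: 'mfa' means the challenge was passed; a blocked
        # attempt is never learned, so it cannot become "known".
        store.record(value, now)
    return response

def demo():
    t0 = datetime(2024, 1, 1)  # constructed sample data
    store = KnownValues(by_count=2)
    steps = [process_login(store, c, t0 + timedelta(days=i))
             for i, c in enumerate(["New York", "London", "Tokyo"])]
    return steps, store.values(t0 + timedelta(days=3))

if __name__ == "__main__":
    print(demo())
```

With By Count set to 2, the store holds only London and Tokyo after the three logins, so a later login from New York is treated as unfamiliar again.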
Additional settings allow you to configure risk-based actions in the admin console.
- MFA Configurations: Multi-factor settings enable customers to select an MFA method that activates when a risk is detected. Users can choose between receiving a passcode via Email or SMS or answering a Security Question.
- Admin Email Configuration: Notify internal security or IT teams when a risky login is detected. You can add admins' email addresses to receive alerts.
- Email & SMS Templates: Fully customize the messages sent during risk-related events:
  - Email Templates: Define alert format, branding, and risk detail visibility. To configure, go to the Risk-Based Email Template section in the Admin Console.
  - SMS Templates: This section enables you to customize the SMS notification template for risk detection alerts, which can be sent to the user or the site admin. To configure, go to the Risk-Based SMS Template section in the Admin Console.
📌 Note: You can create different templates for various types of risks or customize unique content for each risk.
Best Practices
- Enable only the risk factors relevant to your use case to avoid unnecessary friction.
- Pair RBA with MFA to add a secure fallback mechanism for flagged attempts.
- Regularly audit alert logs and template messaging to improve incident response.
- Keep admin emails up-to-date to ensure timely risk detection alerts.
- Customize action thresholds (login count/days) to balance security with user experience.