Risk-based access provides access decision and enforcement
that is based on a dynamic risk assessment or confidence level of
a transaction. Risk-based access uses behavioral and contextual data
analytics to calculate risk.
Risk-based access is a pluggable and configurable component for IBM® Tivoli® Federated Identity Manager.
Risk-based access:
- Improves security during authentication and authorization of business
transactions.
- Assesses risk based on static, contextual, and analytically calculated
attributes.
- Calculates a risk score based on multiple weighted attributes.
- Provides policy rules that determine whether an access request
must be permitted, denied, or challenged.
You can configure risk-based access to:
- Silently register or require users to register devices that they
commonly use.
- Associate the registered devices with user credentials.
- Present a challenge or request additional authentication, if the
user attempts to authenticate with the same credentials from another
unregistered device.
- Use the behavioral patterns of the user as a factor in risk score
calculation. For example, a user might attempt to access a protected
resource at a time outside of normal business hours. You can configure
the risk-based access policy to deny access or force the user access
to authenticate with a secondary challenge.