Oracle Cloud Infrastructure Documentation

Updating the Default Risk Provider

Update the default risk provider for an identity domain in IAM.

  1. Open the navigation menu and click Identity & Security. Under Identity, click Domains.
  2. Click the name of the identity domain that you want to work in. You might need to change the compartment to find the domain that you want. Then, click Security and then Adaptive security.
  3. Click the Actions menu in the Default risk provider row and then Edit risk provider. Change the description or risk range. To learn about risk ranges, see Creating a Third-Party Risk Provider.
  4. Select or clear a checkbox to enable or disable the event. You can't disable all events for the default risk provider.
    Note

    To set the maximum number of unsuccessful logins for the Too many unsuccessful login attempts event, see Modifying the Custom Password Policy.

    To set the maximum number of unsuccessful MFA logins for the Too many unsuccessful MFA attempts event, see Configuring Multifactor Authentication Settings.

  5. Set a value (Weighting) for each event that corresponds to the risk range for this risk provider.

    For example, you can set the Low risk range for the risk provider to be 0-10, the Medium risk range to be 11-80, and the High risk range to be 81-100.

    If you set the weighting of the Access from an unknown device event to 20, and a low-risk user accesses an identity domain with an unknown device, the user's risk range changes to Medium.

  6. Click Save changes.
  7. Confirm the changes.