Risk-based authentication (RBA) solutions are identity management products that weigh user variables to determine and identify threats. Companies use RBA software to increase the effectiveness of user governance and authentication procedures. Users who are determined to be riskier are required to provide additional authentication information. These analyze IP addresses, devices, behaviors and identities to set customized authentication methods for each individual user attempting to access the network. Non-suspicious users accessing applications from known devices, locations, and networks may be automatically signed in. Suspicious users may be required to prompted to provide SMS code, biometric verification, or email confirmation actions to properly verify their identity.
Risk-based authentication products often contain multi-factor authentication features, but set unique requirements based the administrators configuration. RBA tools may work in sync with cloud identity and access management products, but typically only provide the authentication component, rather than the application access and governance components.
To qualify for inclusion in the risk-based authentication category, a product must: