Risk-Based Authentication
  • 28 Sep 2022
  • 1 Minute to read
  • Contributors
  • Dark
    Light

Risk-Based Authentication

  • Dark
    Light

Article summary

The following steps are used to implement PIN based RBA with the RFID authentication method. This means when a user scans their card, they will be prompted to enter the PIN type associated with their authentication set and will not be prompted to enter their PIN again for the grace period’s set amount of time.

Step 1 - Setting Up The Policy

  1. In your MFA Admin Portal, go to the Policies tab.

  2. Select View All Policies on the left-hand side.

  3. Next to the corresponding policy you wish to modify: Click Edit.
    rba 1 - edit policy

  4. The policy will open up directly to the Logon tab - where we will need to be. There’s seven available options pertaining to RBA, but the bottom two are the only ones necessary for this configuration. Check the boxes to the following options and set the grace period’s window of time.
    rba 2 - mod


Step 2 - Configure The RBA Pin Policy

  1. Click over to the Methods tab.

  2. On the left-hand side, select your authentication method of which you will be creating or modifying PIN policies (in this example we will be using the Contactless Card method).

  3. A new list underneath your method will appear. Select PIN Policies.

  4. This example already has a custom PIN policy created. Next to your policy, click Edit.
    rba 1 - edit policy.png

  5. Regardless of your policy requirements, be sure that the Risk-Based PIN option is checked. Click Save.
    rba 2 - edit rba.png

  6. Return to the Profile List back on the left-hand side.

  7. Next to a previously created or pre-existing PIN profile, select Edit.
    rba 3 - edit profile.png

  8. In the drop-down box for PIN Policy Name, select your RBA PIN Policy. Click
    Save.
    rba 4 - attach to set.png


Step 3 - Applying The Policy To The Auth Set

  1. Go to the Sets tab.

  2. Next to your current authentication set or newly created set, click Edit.
    rba 1 - edit set.png

  3. In the new pop-up window, click Edit Profiles… in the bottom right-hand corner.
    rba 2 - edit auth set.png

  4. Under the authentication method the RBA PIN was created for, use the drop-down box to select your new PIN Profile. Click Save.
    rba 3 - edit auth set profiles.png

  5. Apply this authentication set to your user(s) if it isn’t already. If the authentication
    set is already in place, the change will not immediately take effect until the user and
    computer can synchronize with the server again. You can speed this process up by manually opening their user, changing their auth set then flipping it back to the correct
    set.
    rba 4 - pick set.png

rba 4 - pick set2.png


Was this article helpful?