Couple of questions from : https://www.okta.com/products/adaptive-multi-factor-authentication/ Skip to main content
https://support.okta.com/help/answers?id=906f0000000i0mxiak&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Dale NewhartDale Newhart 

Couple of questions from : https://www.okta.com/products/adaptive-multi-factor-authentication/

Where do I define the authentication policies or find the risk scores mentioned below? :

RISK-BASED ADAPTIVE AUTHENTICATION
Adaptive Authentication controls access based on a user’s historical patterns of behavior. The system can detect anomalous activity and assess risk based on information about the device, network, user, geographic location, and past logins. You can define authentication policies based on the risk scores that users generate in each session.

Are reports available with Okta-collected data referred to below:  How is the data monitored?

Proactive monitoring
Because we manage millions of authentications for millions of users and devices, Okta has unique insight into global patterns of login activity. The system proactively monitors this aggregated, anonymized data to protect access to resources in ways unmatched by any other authentication provider.
Best Answer chosen by Niki (Okta, Inc.) 
Eric KarlinskyEric Karlinsky (Okta, Inc.)

Hey Dale -

Good questions! First, Adaptive MFA is a product that not all Okta customers are licensed for. So the first step is to make sure you're an Adaptive MFA customer.

Now, regarding Risk-based Adaptive Authentication: The product page speaks to our vision for the product as well as the current state. Right now, you're able to set up explicit policies in Okta that take into account rich context when making an adaptive access decision. You use the Okta Sign-On Policy (https://support.okta.com/help/articles/Knowledge_Article/99245886-Configuring-Sign-On-Policies) to achieve that. 

The risk engine is coming soon - this is something that we're working on right now and it constitutes the second phase of the risk-based adaptive authentication product development. The risk engine will simplify the admin experience for managing access to resources. So you're not crazy for not seeing the control UI for that - it's still a work in progress.

As for monitoring: we've completely overhauled Okta's System Log to rely on a new reporting infrastructure. The new System Log surfaces identity intelligence in an easy-to-use, searchable, and responsive interface. That feature may not be on for your tenant since it's in Early Access, but it's available for all Okta customers. Just reach out to support to have that turned on.

Let me know if you have any other questions.

Thanks,
Eric
 

All Answers

Eric KarlinskyEric Karlinsky (Okta, Inc.)

Hey Dale -

Good questions! First, Adaptive MFA is a product that not all Okta customers are licensed for. So the first step is to make sure you're an Adaptive MFA customer.

Now, regarding Risk-based Adaptive Authentication: The product page speaks to our vision for the product as well as the current state. Right now, you're able to set up explicit policies in Okta that take into account rich context when making an adaptive access decision. You use the Okta Sign-On Policy (https://support.okta.com/help/articles/Knowledge_Article/99245886-Configuring-Sign-On-Policies) to achieve that. 

The risk engine is coming soon - this is something that we're working on right now and it constitutes the second phase of the risk-based adaptive authentication product development. The risk engine will simplify the admin experience for managing access to resources. So you're not crazy for not seeing the control UI for that - it's still a work in progress.

As for monitoring: we've completely overhauled Okta's System Log to rely on a new reporting infrastructure. The new System Log surfaces identity intelligence in an easy-to-use, searchable, and responsive interface. That feature may not be on for your tenant since it's in Early Access, but it's available for all Okta customers. Just reach out to support to have that turned on.

Let me know if you have any other questions.

Thanks,
Eric
 

This was selected as the best answer
Hugh KelleyHugh Kelley
Could you share a timeline and feature milestones for Risk-based Adaptive Authentication?  Will we see some of this in Q3 2016?
Eric KarlinskyEric Karlinsky (Okta, Inc.)

Hey Hugh - We're not prepared to announce specific dates for delivery of this feature set, but you can be sure we'll have some exciting announcements and demos at our Oktane user conference in August.

What you will see throughout Q2 and Q3 is continued investment in contextual access management. Richer context about access decisions, including more metadata about IP, Location, User, Device, Protocol, etc. You will be able to filter access based on this context using the Policy Framework.

Alicia TrahnAlicia Trahn
Hi Eric, could you please point us to documentation explaining the Okta Adapative MFA settings for how to use the previously announced risk factors like ip, location, user, device, protocol, etc. to trigger MFA?

This article seems to indicate that only location and IP are the only risk factors that Okta will consider -- am I wrong?
https://help.okta.com/en/prod/Content/Topics/Security/Security_Network.htm

If so, any plans to support other risk factors like user, device, protocol, etc.?