The risk-based authentication (RBA) message policy defines the message that users see when they are prompted to configure an identity confirmation method.
RSA Authentication Manager provides a default RBA message policy. When you create a security domain, you can use the default policy, or you can add a custom RBA message policy and assign it to a security domain. The policy that you choose applies to all users in the security domain. For more information, see Add a Risk-Based Authentication Message Policy.
In the Security Console, click Administration > Security Domains > Manage Existing.
From the security domain tree, select the security domain that you want to edit.
From the context menu, click Edit.
Under Policies, in the Risk-Based Authentication (RBA) Policy field, use the drop-down menu to select a policy for the security domain.