A user must be enabled for risk-based authentication (RBA) to access an RBA-protected resource. Use one of the following methods:
Automatic. When a user accesses an RBA-protected resource, the user becomes enabled for RBA automatically after the first successful authentication. For instructions, see Enable Users Automatically for Risk-Based Authentication.
Manual. Only specified users can access RBA-protected resources. An administrator must manually enable these users for RBA. For instructions, see Enable Users Manually for Risk-Based Authentication.
Note: Users you enable for RBA are counted against the RBA limit in your license.