Configure Device History Settings for a Risk-Based Authentication Policy

For risk-based authentication (RBA), the system maintains a device history for each user. The device history is a list of user authentication devices from previous successful logons. Once added to the list, the device is considered to be registered. When the user tries to access an RBA-protected resource using a registered device, the authentication attempt is likely to have a higher assurance level.

You can set the maximum number of registered devices preserved in each user’s device history. If the number of registered devices exceeds the limit, the nightly cleanup job deletes the least recently used devices.

Also, you can specify when inactive devices are removed from a user’s device history. For example, you can specify that devices are removed from a user’s device history after 30 days of inactivity.

Procedure 

1. In the Security Console, click Authentication > Policies > Risk-Based Authentication Policies > Manage Existing.

2. Click the policy that you want to configure, and select Edit.

3. Under Device Administration Settings, enter numbers for the following fields:

   1. In the Total Registered Devices field, enter the maximum number of registered devices preserved in each user’s device history.

   2. In the Unregister Devices field, enter the number of consecutive days that a device can remain inactive before the system removes it from the user device history.

4. Click Save.