Enable Identity Confirmation Methods for a Risk-Based Authentication Policy
If your deployment uses risk-based authentication (RBA), you must enable at least one identity confirmation method. RBA is a multifactor authentication solution that strengthens traditional password-based systems by applying knowledge of the client device and user behavior to assess the potential risk of an authentication request. If the assessed risk is high, the user is challenged to further confirm his or her identity using one of the following methods:
On-demand authentication (ODA). The user must correctly enter a PIN and a one-time tokencode that is sent to a preconfigured mobile phone number or e-mail account.
Security questions. The user must correctly answer one or more pre-enrolled security questions.
Procedure
In the Security Console, click Authentication > Policies > Risk-Based Authentication Policies > Manage Existing.
Click the policy that you want to configure, and select Edit.
In the Identity Confirmation Methods section, select the methods that you want to enable.
Click Save.
After you finish
If you selected ODA, you need to configure an on-demand tokencode delivery method. For instructions, see Configure On-Demand Tokencode Delivery.
The user must configure the enabled method during logon (if prompted), or in the Self-Service Console. For more information, see Device History for Risk-Based Authentication.
If you enable more than one method, the user can configure one or both methods. When both methods are configured, the user can choose either method when providing identity confirmation.
Related Concepts
Related Articles
Performance issue with Change Request generation from a Review to Revoke a large volume of access in RSA Identity Governan… 10Number of Views RSA Identity Governance & Lifecycle - Unable to create change requests when running a form that has more than one Provisio… 62Number of Views Users are not redirected back to SAML application after authenticating to the RSA SecurID Access Application Portal during… 135Number of Views Patch/upgrade fails with 'Error deploying the ear file' error in RSA Identity Governance & Lifecycle 583Number of Views Google Chrome reports NET::ERR_CERT_COMMON_NAME_INVALID due to missing Subject Alternative Names when accessing the RSA Id… 185Number of Views
Trending Articles
RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager 8.9 Setup and Configuration Guide RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide How to 'Trust' the RSA Authentication Manager Security Console Self-Signed Root CA certificate and prevent Cert warnings.