Add a Risk-Based Authentication Message Policy
The risk-based authentication (RBA) message policy defines the message that users see when they are prompted to configure their identity confirmation method. You can create multiple RBA message policies, for example, one for each security domain. This policy applies to all users in the security domain.
In a replicated deployment, changes to policies might not be immediately visible on the replica instance. This delay is due to the cache refresh interval. Changes should replicate within 10 minutes. To make changes take effect sooner on the replica instance, see Flush the Cache.
Procedure
In the Security Console, click Authentication > Policies > RBA Message Policies > Add New.
Under RBA Message Policy Basics, do the following:
In the RBA Message Policy Name field, enter a unique name that does not exceed 128 characters.
(Optional) To set this policy as the default policy, select Set as the default RBA Message Policy.
(Optional) In the Notes field, enter any notes.
Under Message Confirmation, review the message in the Message Text field, and customize the message if necessary.
Click Save.
Related Concepts
Related Articles
Edit a Risk-Based Authentication Message Policy Number of Views Duplicate a Risk-Based Authentication Message Policy Number of Views Delete a Risk-Based Authentication Message Policy Number of Views Assign a Risk-Based Authentication Message Policy to a Security Domain Number of Views Risk-Based Authentication Message Policy Number of Views
Trending Articles
Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager 8.9 Release Notes (January 2026) Artifacts to gather in RSA Identity Governance & Lifecycle RSA Governance & Lifecycle 8.0.0 Administrators Guide RSA Governance & Lifecycle 8.0.0 Installation Guide
