Add a Risk-Based Authentication Message Policy

The risk-based authentication (RBA) message policy defines the message that users see when they are prompted to configure their identity confirmation method. You can create multiple RBA message policies, for example, one for each security domain. This policy applies to all users in the security domain.

In a replicated deployment, changes to policies might not be immediately visible on the replica instance. This delay is due to the cache refresh interval. Changes should replicate within 10 minutes. To make changes take effect sooner on the replica instance, see Flush the Cache.


  1. In the Security Console, click Authentication > Policies > RBA Message Policies > Add New.

  2. Under RBA Message Policy Basics, do the following:

    1. In the RBA Message Policy Name field, enter a unique name that does not exceed 128 characters.

    2. (Optional) To set this policy as the default policy, select Set as the default RBA Message Policy.

    3. (Optional) In the Notes field, enter any notes.

  3. Under Message Confirmation, review the message in the Message Text field, and customize the message if necessary.

  4. Click Save.