The default risk-based authentication (RBA) policy is the default policy for all security domains in the deployment. For individual security domains, you choose a policy other than the default.
In the Security Console, click Authentication > Policies > Risk-Based Authentication Policies > Manage Existing.
Click the policy that you choose as the default policy, and select Edit.
In the Default Policy field, select Set as default RBA policy for the system.
Risk-Based Authentication Policies
Methods for Enabling Users for Risk-Based Authentication