The minimum assurance level determines the confidence threshold that each authentication attempt must meet for the user to avoid being challenged for identity confirmation. The setting is in the RBA policy for each security domain. Each time a user authenticates, the risk engine evaluates the device match and user behavior in real-time to produce an assurance level. The risk engine compares the user’s assurance level with the minimum assurance level in the RBA policy. If the user’s level is lower than the minimum, the user is prompted for identity confirmation.