After you enable Risk Score authentication in Workspace ONE Access, you must set up the access policy rules to use this authentication method.
This example shows an access policy that is configured with the following access flow.
- Users with a low risk score and a compliant iOS device can access the apps without entering additional credentials.
- Users with a medium risk score and a compliant iOS device must use VMware Verify as a second authentication method before accessing the app.
- Users with high risk-scores and a compliant iOS device are denied access to the apps.
Risk Score authentication can be applied to any policy rule, but Risk Score cannot be the first authentication method listed in the policy rule.
Prerequisites
- Mobile SSO ( for iOS)
- Device Compliance
- Risk Score with the action type set up as follows.
- Low set to Allow Access
- Medium set to Step-up Authentication
- High set to Deny Access
Procedure
- In the Workspace ONE Access console Identity & Access Management tab, select .
- Create a new policy named Restricted Resources.
- In the Applies To section, the secure apps to associate with this policy are added. For example, Company Restricted App 1, Company Restricted App 2, Company Restricted App 3.
- Policy rule is configured as follows.
Option Description If a user's network range is ALL RANGES and user accessing content from iOS and user belongs to groups No group is selected. The access policy rule applies to all users. Then perform this action Authenticate using.... then the user may authenticate using Mobile SSO (for iOS). Device Compliance (with AirWatch)
Risk Score
If the preceding methods fails or is not applicable, then Configured multi-factor authentication. Mobile SSO (for iOS)
Device Compliance (with AirWatch)
VMware Verify
Re-authenticate after 8 hours
Results
For more information about creating access policy rules, see Managing Access Policies in Workspace ONE Access That Apply to Users.
