After you enable Risk Score authentication in Workspace ONE Access, you must set up the access policy rules to use this authentication method.

This example shows an access policy that is configured with the following access flow.

  • Users with a low risk score and a compliant iOS device can access the apps without entering additional credentials.
  • Users with a medium risk score and a compliant iOS device must use VMware Verify as a second authentication method before accessing the app.
  • Users with a high risk score and a compliant iOS device are denied access to the apps.

Risk Score authentication can be applied to any policy rule, but Risk Score cannot be the first authentication method listed in the policy rule.

Prerequisites

For this example, the following authentication methods are enabled.
  • Mobile SSO (for iOS)
  • Device Compliance
  • Risk Score with the action type set up as follows.
    • Low set to Allow Access
    • Medium set to Step-up Authentication
    • High set to Deny Access

Procedure

  1. In the Workspace ONE Access console Identity & Access Management tab, select Manage > Policies.
  2. Create a new policy named Restricted Resources.
  3. In the Applies To section, add the secure apps to associate with this policy. For example, Company Restricted App 1, Company Restricted App 2, Company Restricted App 3.
  4. Configure the policy rule as follows.
    Option: Description
      • If a user's network range is: ALL RANGES
      • and user accessing content from: iOS
      • and user belongs to groups: No group is selected. The access policy rule applies to all users.
      • Then perform this action: Authenticate using...
      • then the user may authenticate using:
        • Mobile SSO (for iOS)
        • Device Compliance (with AirWatch)
        • Risk Score
      • If the preceding method fails or is not applicable, then: Configured multi-factor authentication.
        • Mobile SSO (for iOS)
        • Device Compliance (with AirWatch)
        • VMware Verify
      • Re-authenticate after: 8 hours

Results

For more information about creating access policy rules, see Managing Access Policies in Workspace ONE Access That Apply to Users.
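
The following added example (not VMware code and not a Workspace ONE Access API) models the Restricted Resources rule above to show how the two authentication chains and the Risk Score action types produce the allow, step-up, and deny flow, and it checks the ordering constraint on Risk Score. The names `RULE`, `validate_rule`, `run_chain`, and `evaluate` are hypothetical, and the hand-over from the first chain to the fallback chain is a simplifying assumption.

```python
# Added example: a simplified model of the rule on this page, not a product API.
SSO, DC, RISK, VERIFY = ("Mobile SSO (for iOS)", "Device Compliance (with AirWatch)",
                         "Risk Score", "VMware Verify")
RISK_ACTIONS = {"low": "allow", "medium": "step-up", "high": "deny"}  # Prerequisites
RULE = {"primary": [SSO, DC, RISK], "fallback": [SSO, DC, VERIFY]}

def validate_rule(rule, risk_actions=RISK_ACTIONS):
    """Return a list of configuration problems; an empty list means none found."""
    problems = []
    for name in ("primary", "fallback"):
        chain = rule.get(name) or []
        if chain and chain[0] == RISK:
            problems.append(f"{name}: Risk Score cannot be the first method")
    if RISK not in (rule.get("primary") or []):
        problems.append("primary: Risk Score missing, risk is never evaluated")
    if "step-up" in risk_actions.values() and not rule.get("fallback"):
        problems.append("fallback: step-up configured but no fallback chain")
    return problems

def run_chain(chain, passed, risk):
    """Walk one chain in order; return 'allow', 'step-up', 'deny' or 'failed'."""
    for method in chain:
        if method == RISK:
            action = RISK_ACTIONS[risk]
            if action != "allow":
                return action          # step-up or deny stops this chain
        elif method not in passed:
            return "failed"            # method failed or is not applicable
    return "allow"

def evaluate(rule, passed, risk):
    """passed: set of methods the user and device satisfy; risk: low/medium/high."""
    result = run_chain(rule["primary"], passed, risk)
    if result in ("allow", "deny"):
        return result
    # Assumption: step-up and a failed method both hand over to the fallback chain.
    fallback = rule.get("fallback") or []
    if fallback and run_chain(fallback, passed, risk) == "allow":
        return "allow after step-up" if result == "step-up" else "allow via fallback"
    return "deny"

if __name__ == "__main__":
    assert validate_rule(RULE) == []
    for risk in ("low", "medium", "high"):
        print(risk, "->", evaluate(RULE, {SSO, DC, VERIFY}, risk))
```

In this model a non-compliant device is denied at every risk level, because Device Compliance appears in both chains.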