Enable the User Risk Score authentication method in the Workspace ONE Access console. You then select the type of authentication action to apply to user risks scores based on high, medium, or low scores.

Note: Risk Score based authentication is available for cloud deployments only.

You can allow access, require step-up authentication, or deny access. The action associated to the user risk score determines the user experience.

  • Allow Access. The user can log in and access policy rules are followed.
  • Step-Up Authentication. The user cannot log in with only the credential that was entered. The next authentication method configured in the access policy is presented to the user.
  • Deny Access. User cannot log in and no other login option is presented to the user.


Your Workspace ONE Access tenant must be registered with Workspace ONE Intelligence.


  1. In the Workspace ONE Access console Integrations > Authentication Methods page, select User Risk Score.
  2. Enable User Risk Score and configure the authentication action required for low, medium, and high risk scores.
    The actions available to select are Allow Access, Step-Up Authentication, Deny Access.
  3. Click Save.

What to do next

Go the Resources > Policies page and edit the default access policy to add the User Risk Score authentication method to the policy rules and create the policy rule for the step-up authentication flow if applied to a score. See Managing Access Policies in the Workspace ONE Access Service. To see an example policy rule configuration with User Risk Score, see Example Access Policy Using User Risk Score Authentication in Workspace ONE Access (Cloud only).