Enable the Risk Score authentication method in the Workspace ONE Access console. You then set the high, medium, and low authentication action that is applied when users attempt to log in.

Note: Risk Score based authentication is available for cloud deployments only.

When you enable Risk Score authentication, you must select the type of action to apply to the score. You can allow access, require step-up authentication, or deny access. The action associated to the risk score determines the user experience.

  • Allow Access. The user can log in and access policy rules are followed.
  • Step-Up Authentication. The user cannot log in with only the credential that was entered. The next authentication method configured in the access policy is presented to the user.
  • Deny Access. User cannot log in and no other login option is presented to the user.


Your Workspace ONE Access tenant must be registered with Workspace ONE Intelligence.


  1. In the Workspace ONE Access console Identity & Access Management > Authentication Methods tab, select Risk Score.
  2. Enable Risk Score and configure the authentication action required for low, medium, and high risk scores.
    The actions available to select are Allow Access, Step-Up Authentication, Deny Access.
  3. Click Save.

What to do next

Go the Policies tab and edit the default access policy to add the Risk Score authentication method to the policy rules and create the policy rule for the step-up authentication flow if applied to a score. See Add a Web or Desktop Application-Specific Policy. To see an example policy rule configuration with Risk Score, see Example Access Policy Using Risk Score Authentication in Workspace ONE Access (Cloud only).