After you enable Login Risk Score authentication in Workspace ONE Access, you must set up the access policy rules to use this authentication method.
This example shows an access policy that is configured with the following access flow.
- Users with a low login risk score logging in with an iOS device can log in without entering additional credentials.
- Users with a medium login risk score logging in with an iOS device must use VMware Verify as a second authentication method to log in.
- Users with a high login risk score logging in with an iOS device are denied access.
Login Risk Score authentication can be applied to any policy rule, but Login Risk Score cannot be the first authentication method listed in the policy rule.
- Mobile SSO ( for iOS)
- Login Risk Score with the action type set up as follows.
- Low set to Allow Access
- Medium set to Step-up Authentication
- High set to Deny Access
- In the Workspace ONE Access console page, select. default access policy to edit.
- In the Configuration page, create the policy rule as follows.
Option Description If a user's network range is ALL RANGES and user accessing content from iOS and user belongs to groups No group is selected. The access policy rule applies to all users. Then perform this action Authenticate using.... then the user may authenticate using Mobile SSO (for iOS).
Login Risk Score
If the preceding methods fails or is not applicable, then Configured multi-factor authentication.
Mobile SSO (for iOS)
VMware VerifyNote: You must add the same authentication methods in the fallback list as listed before Login Risk Score in the first authenticate using... configuration.
Re-authenticate after 8 hours
What to do next
In the console, go to the Managing Access Policies in the Workspace ONE Access Service.page. See