UniFi Identity Enterprise - Risk Scoring
Overview
Notes
- This feature is unavailable in the Identity Enterprise Basic Plan.
-
To subscribe to the Standard Plan, please use your owner account to sign in to your Identity Enterprise Manager and go to Settings > Plan & Billing > Upgrade Plan.
-
To apply for a free trial, please use your owner account to sign in to your Identity Enterprise Manager and go to Settings > Plan & Billing > Feature Usage > Apply for Plan Add-Ons.
-
The UniFi Identity Enterprise risk scoring system uses a risk service for calculation and stores risk-related data in a database. UniFi Identity Enterprise uses these scores to check the chances that a sign-in event is an unusual activity.
UniFi Identity Enterprise assigns a risk level to each sign-in attempt by evaluating the following information:
- Numbers of sign-in attempts in a minute;
- The sign-in request IP address;
- The sign-in geographic location;
- The device used for the sign-in request;
- Sign-in time checked against the site’s working hours;
- The velocity of the sign-in attempt compared to data from the last sign-in location.
You can use the risk assessment information to configure security policy rule actions based on the sign-in event risk level. For example, you can configure a security policy to require multi-factor authentication when a sign-in attempt is identified as high risk.
Risk Score Category
UniFi Identity Enterprise administrators can create a security policy rule and action based on the specified risk level. Initially, new users will be assigned a high-risk level, but over time their risk level can be lowered after more information about the user behavior is gathered. As the user continues to sign in to UniFi Identity Enterprise within expected activity levels, the more likely they will be assigned a lower risk level.
Risks can be categorized into 4 levels: Low, Medium, High, or Any. The UniFi Identity Enterprise system classifies risks based on the following scoring range.
Label | Risk Score Range |
Low | 0-40 |
Medium | 41-80 |
High | 81-100 |
Any | / |
Configure Risk Scoring
You can add risk scoring as a condition to any UniFi Identity Enterprise security policy rule. You can set the risk level to Low, Medium, High, or Any when configuring the risk level settings. “Any” is the default security policy rule risk level setting.
To configure risk scoring:
- Sign in to your Identity Enterprise Manager (https://[your workspace domain].ui.com/cloud).
- Go to Security > Identity Firewall.
- Select an existing policy or click + Sign-On Policy, VPN Policy, SSO App Sign-On Policy, or Approval Policy.
- Specify the policy. See Security Policy and Rule for details.
- In the Rules session, click Create or hover your mouse over a rule and click Edit.
- Create a rule: Scroll down to the And if their risk level is field, select a level as needed, and click Add Rule.
- Edit a rule: In the Conditions session, click Add Condition, select a level as needed, and click Save Changes.