These settings control the system-wide risk-based authentication (RBA) restrictions applied to users of your Identity as a Service account. If a system-wide RBA setting conflicts with a user-specific RBA setting, the user-specific setting overrides the system-wide setting (see Manage user risk-based authentication settings).
The system-wide RBA settings contain default values. They can be modified as required.
Modify risk-based authenticator settings
1. Click > Policies > Risk-based Authentication. The Risk-based Authentications page appears.
2. Click General and complete the following:
a. Set Maximum Number of Locations to the number of most recent locations stored for users. These are stored in a user's account Location History. The minimum value is 0, which disables the location history feature. The maximum value is 10. The default value is 5.
b. Set Location History Lifetime in Hours to the number of hours an entry in the user's location history is considered for comparison. The default value is 0. The maximum value is 100 years.
c. Set Location History Trust Threshold to the number of times a user must log in from the same location before the location is trusted. The default value is 1. The maximum value is 100 times.
d. Select Check IP Address in Location History to compare the authentication request IP with the values in the Location History.
e. Select Check Travel Velocity to compare the distance between locations from which a user has authenticated within a specific period of time.
f. Set Maximum Travel Velocity to the maximum distance and speed, in kilometers per hour (km/h), a user can travel between two authentication location points. This velocity is used when performing an IP/Geolocation test on users during an authentication attempt. The default value is 800 km/h. The minimum value is 100 km/h. The maximum value is 1200 km/h.
g. Set Maximum Number of Expected Locations to the maximum number of locations the users in your account can log in from without triggering a risk-based authentication failure. The default value is 10, the minimum value is 0, and the maximum value is 20. (See Managing user location history for more information.)
h. Set Low-Medium Risk Threshold to the non-inclusive upper bound of the low-risk range: a user whose risk score is greater than or equal to this value is classified as medium risk and no longer low risk. This setting defines the default value. The threshold for each SAML application can be customized through each application's resource rules. The default threshold value is 21 points. The minimum value is 1 point. The maximum value is 100 points.
i. Set Medium-High Risk Threshold to the non-inclusive upper bound of the medium-risk range: a user whose risk score is greater than or equal to this value is classified as high risk and no longer medium risk. This setting defines the default value. The threshold for each SAML application can be customized through each application's resource rules. The default threshold value is 51 points. The minimum value is 1 point. The maximum value is 100 points.
3. Click Save.
4. Click Expected Locations and complete the following:
a. Select Expected Locations from the drop-down list. The Expected Locations page appears.
b. Click Add. The Add Expected Location page appears.
c. You must provide a value for at least one of these fields:
– Select the Country from the drop-down list.
– Enter a City Name.
– Enter the ISP (Internet Service Provider).
– Enter the IP Address. Click to resolve the IP address. The country, city name and ISP are populated based on the IP Address.
d. Click Save. You are returned to the Expected Locations page.
e. Repeat these steps to add more expected locations.
● If you need to delete any expected locations:
a. Click next to the location you want to delete.
b. Click Delete on the confirmation prompt.
● If you want to filter for a country:
a. Click to enable filtering. The Filters dialog box appears.
b. Select your filter options and click Apply.
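To see how the Check Travel Velocity test and the two risk thresholds in step 2 behave at their default values, the following Python is an added example, not Identity as a Service code and not a description of how the product computes its checks. It assumes great-circle (haversine) distance between the two points and treats zero elapsed time as impossible travel; the function names and the sample events are constructed for illustration.

```python
import math
from datetime import datetime, timezone

EARTH_RADIUS_KM = 6371.0088  # mean Earth radius

def great_circle_km(lat1, lon1, lat2, lon2):
    """Haversine distance in km (assumed metric; the page does not name one)."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))

def exceeds_travel_velocity(prev, curr, max_kmh=800):
    """True if going from prev to curr implies a speed above max_kmh.
    prev and curr are (datetime, latitude, longitude) tuples."""
    if not 100 <= max_kmh <= 1200:  # documented range for Maximum Travel Velocity
        raise ValueError("Maximum Travel Velocity must be 100-1200 km/h")
    hours = (curr[0] - prev[0]).total_seconds() / 3600
    km = great_circle_km(prev[1], prev[2], curr[1], curr[2])
    if hours <= 0:
        # Assumption: no elapsed time means any real distance is impossible travel.
        return km > 0
    return km / hours > max_kmh

def risk_level(score, low_medium=21, medium_high=51):
    """Each threshold is the first score of the higher band (lower band excludes it)."""
    for threshold in (low_medium, medium_high):
        if not 1 <= threshold <= 100:  # documented range for both thresholds
            raise ValueError("thresholds must be 1-100 points")
    if score >= medium_high:
        return "high"
    return "medium" if score >= low_medium else "low"

# Constructed sample events: (time, latitude, longitude)
LONDON_0900 = (datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc), 51.5074, -0.1278)
NEW_YORK_1100 = (datetime(2024, 1, 1, 11, 0, tzinfo=timezone.utc), 40.7128, -74.0060)
NEW_YORK_1700 = (datetime(2024, 1, 1, 17, 0, tzinfo=timezone.utc), 40.7128, -74.0060)

if __name__ == "__main__":
    print(exceeds_travel_velocity(LONDON_0900, NEW_YORK_1100))  # 2 h apart
    print(exceeds_travel_velocity(LONDON_0900, NEW_YORK_1700))  # 8 h apart
    print([risk_level(s) for s in (20, 21, 50, 51)])
```

Raising Maximum Travel Velocity toward 1200 km/h shortens the gap two distant logins need before they pass, so the setting trades false positives from VPN or carrier IP changes against sensitivity to credential use from a second location.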