Sample resource rule graphs

A resource rule follows this flow:

1.      Start—The General Settings to input the name and description of the resource rule.

Tip: Anytime you click in the Canvas of the graph, the General Settings appear.

●       Access Control—Optional. Set Authentication Context References, Domain-based IdP, and Groups to further streamline whether users accessing the resource can have this resource rule considered. They must connect to Access Evaluation.

–  Authentication Context ReferencesConfigure to evaluate users with an ACR specified in their request. See Add Authentication Context References for more information.

–  Domain-based IdPEvaluates users that are associated with or not associated with a domain.

–  GroupSet the group of users that are evaluated.

2.      Access Evaluation—Connect the Access Filters to the Risk Factors.

3.      Risk Factors—Add the Risk Factors that are evaluated in the Risk Assessment. They must be connected to Risk Evaluation.

4.      Risk Evaluation—Determine the user risk levels assessed by the risk factors.

5.      Authentication Tasks—Add the Authentication Results for low, medium, or high risk to determine the authentication flow required to allow or deny access to the protected resource.

Examples

Basic Template

Access Filters

Risk Factors

Risk Evaluation/ Authentication Flow