This event is generated when you select the Risk-Based Authentication Action Invoked option under Audit Logging on the Logging page of an Identity Server configuration.
Description: Risk-Based authentication action for user.
Originator (B): Schema Title: Originator Data Description: JCC Device ID (AMDEVICEID#device_id:)
Target (U): Schema Title: User Identifier Data Description: User DN
SubTarget (Y): Schema Title: Authentication Identifier Description: IDP Session ID (AMAUTHID#auth_id:)
Text1 (S): Schema Title: RiskScore Description: Risk score(number) plus IDP session id seperated by '-'.
Text2 (T): Schema Title: RiskLevel Description: Risk category defined by risk score value plus user agent plus cluster id of IDP all seperated by '-'.
Text3 (F): Schema Title: Action taken Description: Risk category defined action taken as part of risk based authentication.
Value1 (1): 0
Group (G): 0
Data Length (X): 0
Data (D): Schema Title: Client IP Address Description: IP Address of the host from which the authentication succeeded.