On the Risk Settings page, you can create a sample policy named Demo_RiskPolicy. This sample policy is configured for the following use case:
Let us assume a company named Company1 wants to control access to its resources. Company1 wants to configure specific authentication methods for each of the following scenarios:
Scenario 1: A user accesses the resource using the internal network.
Scenario 2: A user accesses the resource from an external network and the request contains a cookie from the Intranet site indicating that the user has earlier logged in to the resource.
Scenario 3: A user accesses the resource from an external network during regular work hours that is from 9 am to 5 pm.
Scenario 4: A user accesses the resource from an external network and beyond regular work hours that is from 9 am to 5 pm.
When you click Create Sample Data, A policy named Demo_RiskPolicy is created. The following are the details of the policy:
Name of the policy: Demo_RiskPolicy
Rules: The policy contains the following rules in the same sequence. The rules are executed from top to bottom.
DemoRule_InternalNetwork: To check whether the employee is in the internal network.
Rule Type: IP Address Rule
IP address range: 121.1.1.1 - 121.121.255.254
Action If Condition Succeeds: Allow Access
DemoRule_IntranetCookie: To check whether the employee is accessing with a valid cookie from an Intranet site.
Rule Type: Cookie Rule
Cookie Name: IntranetCookie
Cookie Value: is/test
DemoRule_TimeOfLogin: To check whether the employee is accessing from an external network and time is between 9 AM to 5 PM.
Rule Type: Use Time of Login Rule
User time of login: is
Day: Monday to Friday
Time: 9 AM to 5 PM
Risk Levels:
Low: The green slider is set to 0. When conditions of all rules are met, the risk is low.
Medium: The blue slider is set to 2. When conditions of two rules fail, the risk is medium.
High: If all three rules fail, the risk is high.