Context-based access policy sample settings to support consent-based device registration

Consent-based device registration is typically enabled and supported by combining the “Consent Register Device” authentication policy and the “Register Device” obligation within a CBA policy.

The CBA policy typically also references the “riskScore” session attribute as a policy rule condition to prevent duplicate registrations. For consent-based device registration, the CBA policy might include rules similar to the following examples:

If riskScore <= 40 
Then Permit   

If userConsent = “true” 
Then Permit with Obligation Register Device   

If riskScore > 40 and     
   userConsent != “true” 
Then Permit with Authentication Consent Register Device   

Parent topic: Consent-based device registration