Manage risk profiles
A risk profile is a collection of attributes with assigned weights. We can view a list of profiles or to add, delete, or clone profiles or set a profile to active. Only one risk profile can be active at a time.
Several risk profiles are predefined based on risk assessment for a collection of attributes. Predefined risk profiles are read only and we cannot modify their weights or add attributes to them. We can add custom risk profiles by creating our own or by cloning an existing profile.
By default, a risk profile named Default is set to active. The Default profile includes all the risk profile attributes with weights set to 0. With this profile active, if a user logs in with no devices registered, the risk score of that user is 100. If a user logs in with a device registered, the risk score of that user is 0. The Default profile is a sample profile. It is not intended to be used in a production environment. Before we use Security Verify Access, choose another risk profile or create our own. Use single-value attributes when we create a risk profile. Multivalue attributes are not supported in risk profiles. There are two sections on the Risk Profile page:
- Risk Profiles
- The Risk Profiles section lists all the available risk profiles. An icon indicates which profile is active. Click a profile to select it.
- Selected Profile Contents
- The Selected Profile Contents section displays the Attribute and Weight for a selected risk profile. If we select a custom risk profile, we can modify the weight by typing a number or selecting a number.
Steps
- Log in to the local management interface.
- Click AAC.
- Under Policy, click Risk Profiles.
- Perform one or more of the following actions:
- Rename a risk profile
- Right-click the profile name in the table and click Rename to change the name. The risk profile name must begin with an alphabetic character. Do not use control characters, leading and trailing blanks, and the following special characters ~ ! @ # $ % ^ & * ( ) + | ` = \ ; : " ' < > ? , [ ] { } / anywhere in the name.
- Press Enter to apply the change.
- Modify a custom profile
- We can modify only custom profiles.
- Select a custom profile.
- Modify the attributes and associated weights in the Selected Profile Contents section.
- Create a custom profile
- Click .
- Type a name for the profile. Click Save.
- In the Profile Contents section, click to add one or more attributes.
- In the Add Profile Attributes window, select an attribute to use. Click the Attribute column to sort the list in ascending or descending order. To filter the list of available attributes, type one or more characters in the Filter field. For example, if you type current in the Filter field, all attributes that start with current are shown in the attributes list. The attributes that match those characters are displayed.
- Select one or more attributes to add.
- Click Add.
- Click Close when we are done with the Add Profile Attributes window.
- Change the weights by typing or selecting a number.
- Click Save to apply the changes.
- To make this new profile active, click Set Active.
- Create a copy of a profile and use it to make a custom profile
- Select the profile to clone and give the profile a unique name.
- Click .
- Type a new name for the cloned profile.
- Click Save.
- Clone.
- In the Profile Contents section, select an attribute and take one of the following actions:
- Type a new value in the Weight field.
- Click to remove both the attribute and weight.
- Click to add one or more attributes. In the Add Profile Attribute window, select the attributes to use. To filter the list of available attributes, type one or more characters in the Filter field. The attributes that match those characters are displayed. For example, if you type header in the Filter field, all attributes that start with header are shown in the attributes list. Select the attribute to use in the list and click Add. Click Close when we are done with the Add Profile Attributes window.
- Click Save after each change to apply the change.
- To make this new profile active, click Set Active.
- Delete a risk profile
- Select a risk profile. We cannot remove predefined risk profiles.
- Click .
- Respond to the confirmation prompt.
The risk profile is removed and cannot be used.
- Make a profile active
- Select a profile.
- Click Set Active. Only one profile can be active at a time.
- When we add, modify or delete a risk profile, a message indicates there are changes to deploy. If we are finished with the changes, deploy them.
For information, see Deploying pending changes.
Parent topic: Risk profiles