Skip to main content
Version: 1.16.x.x Java 8 ELS

Risk weight profiles

Preconfigured weight profiles

The profiles "strict", "balanced", and "custom" enable authentication flows based on risk weights. The next sections shortly describe each profile. Subsequently, there are some examples to illustrate the expected behavior of the profiles "strict" and "balanced".

Strict profile

In general, the strict profile applies higher weights to risk scores than the balanced profile would do. Thus, the sum of the risk score weights in case of a strict profile will more likely exceed the various decision thresholds. As a consequence, the result values are less varied: Either the overall risk score is too low to send a notification, or so high that it is necessary to ask for an authentication step-up (to be introduced in a future release). A medium risk is less common.

Balanced profile

Balanced profiles are less likely to return a high security risk, due to the lower weight values. On the other hand, the results can cover a wider range of values, which enables the authentication flow to be more fine-tuned (pass, notification, step-up, fail).

Custom profile

If neither of the above two profiles matches your requirements, you can configure a custom profile, by manually setting the risk score weights as described in chapter NevisAdaptAuthState. Get in touch with your Nevis contact if you need to configure a custom profile.

Behavior examples

The nevisAdapt service uses various inputs and threat indicators to reach a final threat score. This means that the calculations of the final scores depend on multiple events. It would go too far to describe all possible combinations. But to get an idea of how different the profiles behave, have a look at the following lists. They show the impact of single incoming events on each profile.

Risk levelDescription
AssuranceAssurance events are able to decrease the overall risk score as their imitation is not feasible.
No risk"No risk" events do not affect the final score significantly. However, in some cases they can be the deciding factor to transform a final risk score from "Medium" to "High".
Low risk"Low risk" events do not affect the final score significantly on their own. However, the combination of various low risk events can lead to an overall higher risk score.
Medium risk"Medium risk" events trigger a notification. A combination of a "Medium" and "Low" or "Medium" risk can lead to high risk score.
High risk"High risk" events trigger a notification. Note that in future releases, a "high risk" event will trigger a step-up.

Risk level

Incoming eventStrict behaviorBalanced behavior
New deviceHighMedium
Known deviceNo riskNo risk
Established deviceAssuranceAssurance
Incoming eventStrict behaviorBalanced behavior
New browserNo riskNo risk
Known browserAssuranceAssurance
Established browserAssuranceAssurance
Shared device+browserLowLow
Incoming eventStrict behaviorBalanced behavior
New IPLowLow
Established IPAssuranceAssurance
Incoming eventStrict behaviorBalanced behavior
Signing in from a different countryLowNo risk
Signing in from a blacklisted countryHighMedium
IP velocity triggeredMedium-HighLow-Medium
IP reputation triggeredMedium-HighLow-Medium
Shared deviceNo riskNo risk
New deviceHighMedium
New device + new country/IPHighHigh
Home/mobile phone IP changesLowLow
Notable protection: EvilginxHighHigh