Trust Policy

Identity Risk trust policies enable administrators to evaluate sessions so they can quickly discover and remediate malicious activity in an organization. Configuring trust scores lets you build a trust profile and use trust factors and weights to evaluate sessions.

Key Definitions

  • Trust Score - The quantitative evaluation of how an actor, human or machine, interacts with a system. A trust score is calculated on a session-by-session basis and ranges from 0 (low trust) to 100 (high trust). The score helps in determining whether an actor associated with a session is who they say they are.

  • Trust Factors - The individual building blocks used to construct a trust profile. Each trust factor contributes to the trust score of a particular session by matching conditions detected during a session.

  • Trust Profile - The aggregation of multiple trust factors. A trust profile defines the set of factors against which a session is assessed. Trust profiles can be applied to a set of actors in your environment to ensure sessions for those actors are evaluated according to the specified trust profile.

  • Factor Weight - Each trust factor has an associated weight that indicates the degree to which it affects the trust score.

  • Threshold - The threshold represents the minimum trust score required to access the application. If access is detected with a trust score below the threshold, a response is initiated.

Trust Factors

SailPoint Identity Risk provides five trust factors that are available to all users:

  • Access from a country under ITAR, EAR, or OFAC Embargo - Evaluates the origin of the detected access and cross-references it with a set of countries that represent a degree of risk. This list is currently not configurable.

  • Access originates from a TOR exit node or utilizes an anonymous proxy - Evaluates the network origin of detected access to determine if there is any detected IP risk.

  • Risk reported by IdP - Detects if an Identity Provider (IdP) detected any risk during the sign-on process.

  • Access with weak or no MFA - Detects if a session involved weak MFA factors or if no MFA was used. Weak MFA factors are defined as email, phone calls, or SMS messages.

  • Access after being inactive for more than 30 days - Detects session activity for actors that have been inactive for more than 30 days. This threshold is not configurable.
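The following is an added worked model of the Key Definitions and the five trust factors above; it is illustration code written for this page, not SailPoint's implementation. The page does not state how factor weights combine into the 0 to 100 trust score, so the model assumes a penalty scheme (a session starts at 100 and each matched factor subtracts its weight, floored at 0). The weights, the threshold of 70, the embargo country list, the definition of "weak MFA" as any use of email, voice or SMS, and the sample sessions are all constructed here.

```python
"""Model of a trust profile evaluating sessions against a threshold.

Added illustration, not SailPoint code. ASSUMPTION: penalty scoring, where a
session starts at 100 and each matched trust factor subtracts its weight.
Factor names mirror the five factors described on the page; the condition
checks, weights, threshold and sample sessions are constructed for this demo.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable

# Constructed stand-in for the product's non-configurable embargo list.
EMBARGO_COUNTRIES = {"KP", "IR", "SY", "CU"}
# Weak factors as defined on the page: email, phone call (voice), SMS.
WEAK_MFA = {"email", "voice", "sms"}
INACTIVITY_LIMIT = timedelta(days=30)  # fixed, non-configurable on the page


@dataclass
class Session:
    country: str                 # ISO country code of the access origin
    tor_or_anon_proxy: bool      # network origin flagged as Tor / anonymous proxy
    idp_risk_flagged: bool       # IdP reported risk during sign-on
    mfa_methods: list[str]       # methods used; empty list means no MFA
    last_active: datetime        # actor's previous activity
    started_at: datetime         # start of the session being evaluated


@dataclass
class TrustFactor:
    name: str
    weight: int                  # factor weight: how much a match lowers the score
    matches: Callable[[Session], bool]


@dataclass
class TrustProfile:
    factors: list[TrustFactor]
    threshold: int               # minimum score required for access

    def score(self, s: Session) -> int:
        """Assumed formula: 100 minus the summed weights of matched factors."""
        penalty = sum(f.weight for f in self.factors if f.matches(s))
        return max(0, 100 - penalty)

    def evaluate(self, s: Session) -> dict:
        matched = [f.name for f in self.factors if f.matches(s)]
        score = self.score(s)
        # A score below the threshold is what initiates a response.
        return {"score": score, "matched": matched, "respond": score < self.threshold}


def _weak_or_no_mfa(s: Session) -> bool:
    # Assumption: no MFA at all, or any weak method used, triggers the factor.
    return not s.mfa_methods or any(m in WEAK_MFA for m in s.mfa_methods)


def default_profile() -> TrustProfile:
    # Constructed weights and threshold; an organization would tune these.
    return TrustProfile(
        factors=[
            TrustFactor("embargo_country", 40, lambda s: s.country in EMBARGO_COUNTRIES),
            TrustFactor("tor_or_anonymous_proxy", 30, lambda s: s.tor_or_anon_proxy),
            TrustFactor("idp_reported_risk", 30, lambda s: s.idp_risk_flagged),
            TrustFactor("weak_or_no_mfa", 20, _weak_or_no_mfa),
            TrustFactor("inactive_over_30_days", 15,
                        lambda s: s.started_at - s.last_active > INACTIVITY_LIMIT),
        ],
        threshold=70,
    )


# Constructed sample sessions.
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE_SESSIONS = {
    "clean":   Session("US", False, False, ["push"], NOW - timedelta(days=2), NOW),
    "tor_sms": Session("US", True,  False, ["sms"],  NOW - timedelta(days=2), NOW),
    "dormant": Session("DE", False, False, ["totp"], NOW - timedelta(days=45), NOW),
}

if __name__ == "__main__":
    profile = default_profile()
    for name, sess in SAMPLE_SESSIONS.items():
        print(name, profile.evaluate(sess))
```

Running the block shows the clean session scoring 100, the Tor plus SMS session dropping to 50 (below the threshold, so a response is initiated), and the dormant-but-otherwise-healthy session landing at 85, which still passes. The point of keeping weights on the factors rather than in the scoring function is that the same evaluation logic serves any profile an administrator assembles.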