Application Risk Score Configuration

IdentityIQ uses a combination of Component and Composite scoring to determine the overall application risk scores used throughout the application. You configure Component and Composite risk scoring for your applications by navigating to Applications > Application Risk Model.

All scores are calculated by first determining the percentage of accounts that have the qualities tested by the component score. For example, if 10 out of 100 accounts are flagged as service accounts, then the raw percentage is ten percent (.10). This number is then multiplied by a sensitivity value, which can be used to increase or decrease the impact of the original percentage. The default sensitivity value is 5, making the adjusted percentage fifty percent (.50). This final percentage is then applied to the score range of 1000, resulting in a component score of 500.

After the component score is calculated, a weight, or compensating factor, is applied to each component score to determine the amount each contributes to the overall risk score for the application. The resulting score is the composite score. For example, a few violator accounts might increase risk more than many inactive accounts.

To view the currently configured risk information for an application, go to the Application Definition page, click on a listed application, and then select the Risk tab.

Use these tabs to create risk score factors for your enterprise:

  • Application Component Scores Tab – apply base risk scores to roles, entitlements and policy violations.

  • Application Composite Score Tab – apply compensating factors to base risk scores.

Application Component Scores Tab

Use the Component Scores tab to define the values for each account or component.

Service Account, Inactive Account, and Privileged Account component scores look for links that have a configured attribute. For example, the Service Account component looks for links where the attribute service has the configured value true.

The Dormant Account score looks for a configured attribute that is expected to have a date value, for example lastLogin. This algorithm has an argument, daysTillDormant, that defaults to thirty (30). If the last login date is more than thirty (30) days prior to the current date, the account is considered dormant and is factored into the risk score.

The Risky Account score looks for links whose owning identity has a composite risk score greater than a configured threshold. The default threshold is five hundred (500).

The Violator Account score looks for links whose owning identity has a number of policy violations greater than a configured threshold. The default threshold is ten (10).

If you check Disabled for any component, the component is not used to determine the application risk score.

Application Composite Score Tab

Use the Composite Scoring tab to apply a weight or compensating factor for each component. Specify the percentage of contribution for the component scores.
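
The component and composite calculations described on this page, modelled in Python as an added example; this is not IdentityIQ's own code, and the Inactive Account component is left out because it works the same way as Service Account. Assumptions: an adjusted percentage above 100% is capped at 1000, the composite is the sum of each component score multiplied by its weight percentage, and the account field names and sample accounts are constructed.

```python
from datetime import date, timedelta

SCORE_RANGE = 1000        # score range given in the text
DEFAULT_SENSITIVITY = 5   # default sensitivity given in the text

def component_score(flagged, total, sensitivity=DEFAULT_SENSITIVITY):
    """Raw percentage times sensitivity, applied to the 1000-point range."""
    if total == 0:
        return 0
    # Assumption: an adjusted percentage above 100% is capped at the range.
    return min(SCORE_RANGE, round(flagged * sensitivity * SCORE_RANGE / total))

def is_dormant(last_login, today, days_till_dormant=30):
    """Dormant when the last login is more than daysTillDormant days old."""
    # Assumption: an account with no lastLogin value is not counted.
    return last_login is not None and (today - last_login).days > days_till_dormant

def application_risk(accounts, weights, today, risky_over=500, violator_over=10):
    """Return (component scores, composite); weights are percentages by component.
    A component missing from `weights` is treated as Disabled."""
    tests = {
        "service": lambda a: a.get("service") is True,
        "privileged": lambda a: a.get("privileged") is True,
        "dormant": lambda a: is_dormant(a.get("lastLogin"), today),
        "risky": lambda a: a["owner_score"] > risky_over,
        "violator": lambda a: a["owner_violations"] > violator_over,
    }
    scores = {}
    for name, test in tests.items():
        if name in weights:
            flagged = sum(1 for a in accounts if test(a))
            scores[name] = component_score(flagged, len(accounts))
    # Assumption: composite = sum of component score x weight percentage.
    composite = round(sum(scores[n] * weights[n] for n in scores) / 100)
    return scores, composite

def sample_accounts(today):
    """Constructed sample: 100 accounts, not data from any real application."""
    return [{
        "service": i < 10,                                  # 10 service accounts
        "privileged": i < 2,                                # 2 privileged accounts
        "lastLogin": today - timedelta(days=i % 40),        # 18 older than 30 days
        "owner_score": 600 if i >= 96 else 100,             # 4 risky owners
        "owner_violations": 12 if i in (5, 50, 95) else 0,  # 3 violators
    } for i in range(100)]

TODAY = date(2024, 1, 31)  # fixed date so the result is reproducible
WEIGHTS = {"service": 20, "privileged": 30, "dormant": 10, "risky": 20, "violator": 20}
SCORES, COMPOSITE = application_risk(sample_accounts(TODAY), WEIGHTS, TODAY)
print(SCORES, COMPOSITE)
```

With the default sensitivity of 5, any component that flags 20 percent or more of accounts already reaches the top of the range, so lowering the sensitivity is what keeps widespread conditions such as dormancy distinguishable from one another.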