Third-party risk provider integration overview

On This Page


The Okta Risk Engine evaluates authentication attempts by reviewing the risk score of the sign-in based on context and historical data. Using Okta Risk APIs, third-party risk providers can integrate with the Okta Risk Engine using a standard Okta service application. The third-party risk provider can send risk events, which can be used when calculating the authentication risk based on the risk policy configured in the Okta org. The risk events are additionally logged as part of the System Log.

This guide provides an example third-party risk provider implementation with your Okta org.

Note: Third-party risk events are received from non-Okta Applications. You are not required to receive or utilize third-party risk events within Okta Risk Engine, but if you configure Okta Risk Engine to utilize third-party risk events, then you are consenting to Okta receiving and sharing data with the non-Okta Application as necessary to provide this functionality. You may only utilize these third-party risk events if you are a customer of both Okta and the non-Okta Application. Okta cannot guarantee continued partnerships or functionality with any Non-Okta Applications.


To use this guide, you need the following:

High-level configurations

Creating a third-party risk provider integration follows the general configurations for creating an OAuth service application using the OAuth client credentials grant flow. The service application provides an integration for the default risk provider and the Okta Risk Engine, and Risk Event API calls can test for a successful setup. Follow the high-level steps below to set up an example third-party risk provider integration.

  1. Create self-service application for the risk provider
  2. Update the default risk provider
  3. Test the integration

See also