You can view and configure the policy for VIP Intelligent Authentication (IA). VIP IA provides risk-based authentication that evaluates user behavior and attributes of a user's browser or device. This policy allows you to:

	Enable VIP IA.
	Set a VIP IA threshold value. This value determines how likely IA will require additional authentication, based on its estimate of user risk. If an IA risk level for a user's authentication attempt is above the set threshold, IA will require additional authentication before the user is granted access. The more tolerant the threshold value, the less likely IA will require additional user authentication.
	Always require security codes from unrecognized devices. This option is enabled by default to take advantage of Device Fingerprint (within the VIP Account policy) for evaluating device attributes during user sign-in. Users will always be challenged to provide a security code for sign-in authentication, regardless of the current IA threshold or risk- based IA score. If VIP IA is enabled and this option is set to No (disabled), users will be challenged for authentication based exclusively on the IA threshold, IA policy settings, and IA risk score, regardless of unrecognized devices.
	Always perform two-factor authentication. This option forces VIP to always challenge users for two-factor authentication regardless of their IA policy settings, IA risk score, or Remembered Device configuration. If IA is enabled for the account, VIP still captures IA data and device information for the user.
	Specify the domain name(s) for your web applications. Enter your externally-accessible domain name(s) for your web applications in the provided field. (As an example, if your sign-in page URL is https://vpn.example.com, you would enter example.com)
	Get VIP Integration Code for Javascript. To take advantage of VIP IA features, you will need to generate the VIP integration code to include the VIP JavaScript library in your application's sign-in page.
	Specify countries that increase the VIP IA risk level. You can select countries that VIP IA will identify as having an increased risk level when users sign in from those locations. Countries with known increased risk are listed by default.
	Specify challenged IP addresses and accepted (white-listed) IP addresses. You can set specific "challenged" IP addresses from where any attempted user sign-in will always be challenged. Conversely, you can set specific "accepted" IP addresses from where any attempted user sign-in will never be challenged. For first-time use, click Browse to upload entries from your file that contains IP addresses. Any updates you make within the IP address field will supersede and replace the entries you have uploaded. Up to 300 entries can be uploaded from a single file (one IP address or one IP address range represents one entry). The file must show each IP address in decimal format, and each IP address range must be separated by a hyphen. All entries must be comma-separated. To capture each entry correctly, ensure each entry is listed without forced line breaks. Example: 10.146.2.40, 172.31.255.255, 192.168.0.1-192.168.0.100

To set the VIP Intelligent Authentication policy:

	Select Policies in the navigation bar at the top of the page.
	Select the "VIP Intelligent Authentication" tab.
	Click the Edit link to configure the VIP IA policy settings.

If you enable VIP IA and want to include the VIP JavaScript library in your application's sign-in page, you need to first generate the VIP integration code for Javascript

You can also customize the VIP Intelligent Authentication (IA) policy at the user group level. Settings at the user group level overwrite the account policy settings for members of that user group.