Abstract: According to an example embodiment, a system may include at least one processor and at least one memory comprising a policy module configured to receive data indicating risk factors associated with users of the system; update risk levels for the users by applying the data to risk factor rules; and provide the updated risk levels and/or authentication levels associated with the updated risk levels to an authentication module in response to receiving requests from the authentication module. The at least one processor and at least one memory may also comprise the authentication module configured to receive a first access request from a user; in response to receiving the first access request, request a first updated risk and/or authentication level for the user from the policy module; and require the user to provide a first authentication technique to grant the first access request based on the first updated risk and/or authentication level received from the policy module.

Abstract: According to an example embodiment, a system may include at least one processor and at least one memory comprising a policy module configured to receive data indicating risk factors associated with users of the system; update risk levels for the users by applying the data to risk factor rules; and provide the updated risk levels and/or authentication levels associated with the updated risk levels to an authentication module in response to receiving requests from the authentication module. The at least one processor and at least one memory may also comprise the authentication module configured to receive a first access request from a user; in response to receiving the first access request, request a first updated risk and/or authentication level for the user from the policy module; and require the user to provide a first authentication technique to grant the first access request based on the first updated risk and/or authentication level received from the policy module.