View and investigate user risk levels

If you have the CyberArk Identity User Behavior Analytics service, you can view and investigate a user's risk level from the Admin Portal.

This is helpful if you have users who can't access services, devices, or applications and you need to investigate why. For example, you might have an authentication rule configured that denies access to users with a risk level of medium or higher. You can check the user's risk level in the Admin Portal to determine whether that is why the user was denied access.

To view and investigate user risk levels

  1. In the CyberArk Identity Admin Portal, go to Core Services > Users to see risk levels for your users.

  2. Right-click a user and select Investigate User in UBA Portal to open the Risk Investigation View on the User Behavior Analytics Explorer page for the selected user.

    The Risk Investigation View provides more context for the user's risk level; you can see the risk score, the risk factors that inform the score, and more. By default, the Risk Investigation View shows events from the past seven days; you can change the date range if necessary.

    Refer to Explorer for more information about using the Explorer page.