Third-party risk provider integration questions

I have some questions regarding the third-party risk provider integration option.

  1. Once the risk provider object is created and the provider is able to send the risk events is it possible to create access policy rules that are specific to the provider and in turn enable Okta to take action based on these rules alone?

  2. According to the documentation the risk event API request includes an IP address and the risk level, since multiple end users can access from a single IP address is there to differentiate and send the risk events for specific users or does the action apply to IP addresses only?

  3. Per the documentation the risk event API has a rate limit of 30 requests per minute and a max of 20 events per request, what will be the behaviour in case more then 30 requests are sent? is there anyway to increase both limitations?

Hi @Guy5! Please open a support ticket through an email to with this issue. One of our Support Engineers will be happy research this further with you.