This article provides steps to save Adaptive Multi-Factor Authentication (MFA) risk assessment scores to a user's app_metadata using a Post-Login Action.

• Adaptive MFA

• Actions

• App Metadata

To save the Adaptive MFA risk scores, create and deploy a Post-Login Action with the provided script.

1. Navigate to Actions > Library and select Create Action > Create Custom Action.

2. On the Create Action modal, enter a Name for the Action, select Login / Post Login as the trigger, and select Create.

3. In the Action editor, enter the following code:

   exports.onExecutePostLogin = async (event, api) => {
     if (event.authentication && event.authentication.riskAssessment) {
       const riskAssessment = event.authentication.riskAssessment;
   
       const overallScore = riskAssessment.confidence;
       const newDeviceScore = riskAssessment.assessments?.NewDevice?.confidence;
       const impossibleTravelScore = riskAssessment.assessments?.ImpossibleTravel?.confidence;
       const untrustedIPScore = riskAssessment.assessments?.UntrustedIP?.confidence;
   
       const riskData = {
         overallScore: overallScore,
         assessments: {
           newDevice: newDeviceScore,
           impossibleTravel: impossibleTravelScore,
           untrustedIP: untrustedIPScore
         }
       };
   
       api.user.setAppMetadata("risk_assessment_history", riskData);
     }
   };

4. Select the Deploy button.

5. Add the new Action to the Login flow by navigating to Actions > Triggers > Post-Login.

6. Log in to an application to trigger the flow. After a successful login, the risk assessment data is saved to the user's app_metadata.

NOTE: This script is an example and is not production-ready. It must be tested thoroughly in a development environment before deployment.