In an authorization policy, you can define a condition group that uses risk scores from Identity Server to protect a resource.
Defining a Condition Group and Assigning Actions:
Select Policies > Policies.
Select the policy container and click New.
Specify a name for the policy and select Access Gateway: Authorization for the type of policy.
From the Condition Group, select Risk Score. For more information about Comparison, Value, and Result on Condition Error, see Risk Score.
Select an action. See step 7 in Creating Access Gateway Authorization Policies.