User Risk Scoring Now Available

Cloudflare One, the company's SASE platform, has introduced User Risk Scores as a new dimension for zero-trust network access policies. Rather than relying solely on "who is this user" and "is their device healthy," security teams can now ask "how has this user been behaving lately" and adjust access in real time.

How Risk Scores Are Calculated

The risk engine continuously evaluates telemetry from across the Cloudflare SASE platform:

• Internal signals from Cloudflare Access (login attempts, geographic context) and Gateway (malware hits, DLP violations)
• External signals from integrated partners like CrowdStrike and SentinelOne
• Deterministic scoring logic that aggregates risk behaviors and assigns a user a risk level (low, medium, or high)

Administrators can customize which risk behaviors matter to their organization—such as impossible travel, multiple failed logins, or sensitive data exfiltration attempts.

Adaptive Access Policies

Security teams can now create dynamic policies that automatically enforce conditional access based on risk levels. Examples include:

• Deny access to critical applications if risk is high
• Require physical security keys for medium-risk users
• Automatically restore access when risk scores drop after investigation

Access can be revoked mid-session when risk increases, and the system integrates with identity providers like Okta to share risk signals across platforms using the Shared Signals Framework.

Availability and Next Steps

The feature is available today in the Cloudflare dashboard for existing customers. Cloudflare offers free access for up to 50 users with no sales call required, making this accessible for security teams evaluating risk-based access controls.