auth0 · kushalshit27 · Dec 22, 2025 · Nov 24, 2025 · Dec 4, 2025 · Dec 4, 2025
@@ -576,6 +576,30 @@ phoneProviders:
 ]
 ```
 
+## Risk Assessments
+
+Risk assessments configuration allows you to enable or disable risk assessment features for your tenant.
+
+### YAML Example
+
+```yaml
+# Contents of ./tenant.yaml
+riskAssessment:
+  enabled: true
+```
+
+### Directory Example
+
+File: `./risk-assessments/settings.json`
+
+```json
+{
+  "enabled": true
+}
+```
+
+For more details, see the [Management API documentation](https://auth0.com/docs/api/management/v2#!/Risk_Assessments/get_settings).
+
 ## Connection Profiles
 
 Application specific configuration for use with the OIN Express Configuration feature

diff --git a/examples/directory/risk-assessments/settings.json b/examples/directory/risk-assessments/settings.json
@@ -0,0 +1,3 @@
+{
+  "enabled": false
+}
@@ -419,3 +419,8 @@ userAttributeProfiles:
         type: "email"
         required: true
 
+riskAssessment:
+  enabled: false
+  # newDevice:
+  #   remember_for: 30
+
@@ -18,6 +18,7 @@ import actions from './actions';
 import organizations from './organizations';
 import triggers from './triggers';
 import attackProtection from './attackProtection';
+import riskAssessments from './riskAssessments';
 import branding from './branding';
 import phoneProviders from './phoneProvider';
 import logStreams from './logStreams';
@@ -69,6 +70,7 @@ const directoryHandlers: {
   organizations,
   triggers,
   attackProtection,
+  riskAssessment: riskAssessments,
   branding,
   phoneProviders,
   logStreams,

diff --git a/src/context/directory/handlers/riskAssessments.ts b/src/context/directory/handlers/riskAssessments.ts
@@ -0,0 +1,56 @@
+import path from 'path';
+import fs from 'fs-extra';
+import { constants } from '../../../tools';
+import { dumpJSON, existsMustBeDir, isFile, loadJSON } from '../../../utils';
+import { DirectoryHandler } from '.';
+import DirectoryContext from '..';
+import { ParsedAsset, Asset } from '../../../types';
+
+type ParsedRiskAssessment = ParsedAsset<'riskAssessment', Asset>;
+
+function parse(context: DirectoryContext): ParsedRiskAssessment {
+  const riskAssessmentsDirectory = path.join(
+    context.filePath,
+    constants.RISK_ASSESSMENTS_DIRECTORY
+  );
+  const riskAssessmentsFile = path.join(riskAssessmentsDirectory, 'settings.json');
+
+  if (!existsMustBeDir(riskAssessmentsDirectory)) {
+    return { riskAssessment: null };
+  }
+
+  if (!isFile(riskAssessmentsFile)) {
+    return { riskAssessment: null };
+  }
+
+  const riskAssessment = loadJSON(riskAssessmentsFile, {
+    mappings: context.mappings,
+    disableKeywordReplacement: context.disableKeywordReplacement,
+  });
+
+  return {
+    riskAssessment,
+  };
+}
+
+async function dump(context: DirectoryContext): Promise<void> {
+  const { riskAssessment } = context.assets;
+
+  if (!riskAssessment) return;
+
+  const riskAssessmentsDirectory = path.join(
+    context.filePath,
+    constants.RISK_ASSESSMENTS_DIRECTORY
+  );
+  const riskAssessmentsFile = path.join(riskAssessmentsDirectory, 'settings.json');
+
+  fs.ensureDirSync(riskAssessmentsDirectory);
+  dumpJSON(riskAssessmentsFile, riskAssessment);
+}
+
+const riskAssessmentsHandler: DirectoryHandler<ParsedRiskAssessment> = {
+  parse,
+  dump,
+};
+
+export default riskAssessmentsHandler;
@@ -18,6 +18,7 @@ import organizations from './organizations';
 import actions from './actions';
 import triggers from './triggers';
 import attackProtection from './attackProtection';
+import riskAssessments from './riskAssessments';
 import branding from './branding';
 import phoneProviders from './phoneProvider';
 import logStreams from './logStreams';
@@ -67,6 +68,7 @@ const yamlHandlers: { [key in AssetTypes]: YAMLHandler<{ [key: string]: unknown
   organizations,
   triggers,
   attackProtection,
+  riskAssessment: riskAssessments,
   branding,
   phoneProviders,
   logStreams,

diff --git a/src/context/yaml/handlers/riskAssessments.ts b/src/context/yaml/handlers/riskAssessments.ts
@@ -0,0 +1,32 @@
+import { YAMLHandler } from '.';
+import YAMLContext from '..';
+import { Asset, ParsedAsset } from '../../../types';
+
+type ParsedRiskAssessment = ParsedAsset<'riskAssessment', Asset>;
+
+async function parse(context: YAMLContext): Promise<ParsedRiskAssessment> {
+  const { riskAssessment } = context.assets;
+
+  if (!riskAssessment) return { riskAssessment: null };
+
+  return {
+    riskAssessment,
+  };
+}
+
+async function dump(context: YAMLContext): Promise<ParsedRiskAssessment> {
+  const { riskAssessment } = context.assets;
+
+  if (!riskAssessment) return { riskAssessment: null };
+
+  return {
+    riskAssessment,
+  };
+}
+
+const riskAssessmentsHandler: YAMLHandler<ParsedRiskAssessment> = {
+  parse,
+  dump,
+};
+
+export default riskAssessmentsHandler;
@@ -24,6 +24,7 @@ import * as actions from './actions';
 import * as triggers from './triggers';
 import * as organizations from './organizations';
 import * as attackProtection from './attackProtection';
+import * as riskAssessments from './riskAssessments';
 import * as logStreams from './logStreams';
 import * as customDomains from './customDomains';
 import * as themes from './themes';
@@ -66,6 +67,7 @@ const auth0ApiHandlers: { [key in AssetTypes]: any } = {
   triggers,
   organizations,
   attackProtection,
+  riskAssessment: riskAssessments,
   logStreams,
   customDomains,
   themes,

diff --git a/src/tools/auth0/handlers/riskAssessments.ts b/src/tools/auth0/handlers/riskAssessments.ts
@@ -0,0 +1,99 @@
+import DefaultAPIHandler from './default';
+import { Assets } from '../../../types';
+
+export const schema = {
+  type: 'object',
+  properties: {
+    enabled: {
+      type: 'boolean',
+      description: 'Whether or not risk assessment is enabled.',
+    },
+    newDevice: {
+      type: 'object',
+      properties: {
+        remember_for: {
+          type: 'number',
+          description: 'Length of time to remember devices for, in days.',
+        },
+      },
+      required: ['remember_for'],
+    },
+  },
+  required: ['enabled'],
+};
+
+export type RiskAssessmentsSettings = {
+  enabled: boolean;
+  newDevice?: {
+    remember_for: number;
+  };
+};
+
+export default class RiskAssessmentsHandler extends DefaultAPIHandler {
+  existing: RiskAssessmentsSettings | null;
+
+  constructor(config: DefaultAPIHandler) {
+    super({
+      ...config,
+      type: 'riskAssessment',
+    });
+  }
+
+  async getType(): Promise<RiskAssessmentsSettings> {
+    if (this.existing) {
+      return this.existing;
+    }
+
+    try {
+      const [settings, newDeviceSettings] = await Promise.all([
+        this.client.riskAssessments.getSettings(),
+        this.client.riskAssessments.getNewDeviceSettings().catch((err) => {
+          if (err?.statusCode === 404) return { data: { remember_for: 0 } };
+          throw err;
+        }),
+      ]);
+
+      this.existing = {
+        enabled: settings.data.enabled,
+        ...(newDeviceSettings.data.remember_for > 0 && {
+          newDevice: {
+            remember_for: newDeviceSettings.data.remember_for,
+          },
+        }),
+      };
+      return this.existing;
+    } catch (err) {
+      if (err.statusCode === 404) return { enabled: false };
+      throw err;
+    }
+  }
+
+  async processChanges(assets: Assets): Promise<void> {
+    const { riskAssessment } = assets;
+
+    // Non-existing section means it doesn't need to be processed
+    if (!riskAssessment) {
+      return;
+    }
+
+    const updates: Promise<unknown>[] = [];
+
+    // Update main settings (enabled flag)
+    const settings = {
+      enabled: riskAssessment.enabled as boolean,
+    };
+    updates.push(this.client.riskAssessments.updateSettings(settings));
+
+    // Update new device settings if provided
+    if (riskAssessment.newDevice) {
+      const newDeviceSettings = {
+        remember_for: riskAssessment.newDevice.remember_for as number,
+      };
+      updates.push(this.client.riskAssessments.updateNewDeviceSettings(newDeviceSettings));
+    }
+
+    await Promise.all(updates);
+    this.updated += 1;
+    this.didUpdate(riskAssessment);
+  }
+}
@@ -105,6 +105,7 @@ const constants = {
   CONNECTIONS_ID_NAME: 'id',
   ROLES_DIRECTORY: 'roles',
   ATTACK_PROTECTION_DIRECTORY: 'attack-protection',
+  RISK_ASSESSMENTS_DIRECTORY: 'risk-assessments',
   GUARDIAN_FACTORS: [
     'sms',
     'push-notification',

@@ -97,6 +97,7 @@ export type Asset = { [key: string]: any };
 export type Assets = Partial<{
   actions: Action[] | null;
   attackProtection: AttackProtection | null;
+  riskAssessment: Asset | null;
   branding:
     | (Asset & {
         templates?: { template: string; body: string }[] | null;
@@ -178,6 +179,7 @@ export type AssetTypes =
   | 'organizations'
   | 'triggers'
   | 'attackProtection'
+  | 'riskAssessment'
   | 'branding'
   | 'phoneProviders'
   | 'logStreams'