Adaptive Risk Authentication has been built into most SSO products these days. Should I say all? It used to be an add-on module or by-product, which customers have to pay extra. However, these days, we are seeing that this feature is shipped by default.
So, what makes a good authentication of choice? I found this slide from a CA webinar.